CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Samba protocol. This allows them to obtain all files within the NAS system and tamper with those files.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.notion.so/ZSPACE-Incorrect-Symlink-Follow-2c26cf4e528a8087ba14d9b1d31a5bb2?source=copy_link	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zspace:q2c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zspace:q2c:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-03 18:16

Updated : 2026-02-11 16:14

NVD link : CVE-2025-69431

Mitre link : CVE-2025-69431

CVE.ORG link : CVE-2025-69431

JSON object : View

Products Affected

zspace

q2c
q2c_firmware

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2025-69431", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}]}, "published": "2026-02-03T18:16:16.930", "references": [{"url": "https://www.notion.so/ZSPACE-Incorrect-Symlink-Follow-2c26cf4e528a8087ba14d9b1d31a5bb2?source=copy_link", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Samba protocol. This allows them to obtain all files within the NAS system and tamper with those files."}, {"lang": "es", "value": "El NAS ZSPACE Q2C contiene una vulnerabilidad relacionada con el seguimiento incorrecto de enlaces simb\u00f3licos. Los atacantes pueden formatear una unidad USB a ext4, crear un enlace simb\u00f3lico a su directorio ra\u00edz, insertar la unidad en la ranura del dispositivo NAS y luego acceder al directorio de la unidad USB montado en el NAS utilizando el protocolo Samba. Esto les permite obtener todos los archivos dentro del sistema NAS y manipular esos archivos."}], "lastModified": "2026-02-11T16:14:00.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zspace:q2c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0492E177-A67B-4720-9E8E-0B6B7C2FEF24", "versionEndIncluding": "1.1.0210050"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zspace:q2c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17AE8991-8B42-4E41-A96B-948E337419A8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}