CVE-2025-26167

Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Common Weakness Enumeration
References
https://github.com/SpikeReply/advisories/blob/0f15f5aefb959fbaff049da7cc3e36733e25b580/cve/buffalo/cve-2025-26167.md
https://github.com/SpikeReply/advisories/blob/0f15f5aefb959fbaff049da7cc3e36733e25b580/cve/buffalo/cve-2025-26167.md