Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-13053

created 4 months ago

A missing encryption of sensitive data vulnerability was found in the UPS settings of ADM

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the UPS server configuation. This issue affects ADM: from 4.1.0 through 4.3.3.RKD2, from 5.0.0 through 5.1.0.RN42.

References

https://www.asustor.com/security/security_advisory_detail?id=49 vendor-advisory

Affected products

UPS

=<5.1.0.RN42
=<4.3.3.RKD2

Matching in nixpkgs

pkgs.perlPackages.NetCUPS

Common Unix Printing System Interface

nixos-unstable 0.64
- nixpkgs-unstable 0.64
- nixos-unstable-small 0.64
nixos-25.11 0.64
- nixpkgs-25.11-darwin 0.64

pkgs.perl538Packages.NetCUPS

Common Unix Printing System Interface

nixos-unstable 0.64
- nixpkgs-unstable 0.64
- nixos-unstable-small 0.64
nixos-25.11 0.64
- nixpkgs-25.11-darwin 0.64

pkgs.perl540Packages.NetCUPS

Common Unix Printing System Interface

nixos-unstable 0.64
- nixpkgs-unstable 0.64
- nixos-unstable-small 0.64
nixos-25.11 0.64
- nixpkgs-25.11-darwin 0.64