Description

OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may execute an arbitrary OS command.

Classification

CVE ID: CVE-2025-20055

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: Y'S corporation

Product: STEALTHONE D220

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.76% (scored less or equal to compared to others)

EPSS Date: 2025-02-12 (when was this score calculated)

References

https://stealthone.net/product_info/d220-d340%e3%80%8cv6-03-03%e3%80%8d%e5%8f%8a%e3%81%b3d440%e3%80%8cv7-00-11%e3%80%8d%e3%83%95%e3%82%a1%e3%83%bc%e3%83%a0%e3%82%a6%e3%82%a7%e3%82%a2%e3%82%92%e3%83%aa%e3%83%aa%e3%83%bc%e3%82%b9%e8%87%b4/
https://jvn.jp/en/vu/JVNVU99653331/

Timeline