Cyber Posture

CVE-2025-26167

High

Published: 06 March 2025

Published
06 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0018 38.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26167 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-14 (Public Access Protections).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely application of firmware patches to remediate the arbitrary file read vulnerability in Buffalo LS520D firmware 4.53.

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations to block unauthenticated remote access to arbitrary internal files via the NAS web UI.

SC-14 Public Access Protections good match
prevent

Limits public access to web UI resources, preventing unauthorized exposure of sensitive internal files without authentication.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

Arbitrary unauthenticated file read in public-facing NAS web UI directly enables exploitation of public-facing applications (T1190) and collection of sensitive data from the local system (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files.

Deeper analysisAI

CVE-2025-26167 is an arbitrary file read vulnerability affecting the Buffalo LS520D NAS device running firmware version 4.53. The flaw resides in the NAS web UI, enabling attackers to access and read arbitrary internal files without authentication.

Unauthenticated attackers with network access can exploit this vulnerability remotely with low complexity and no user interaction required. Exploitation allows reading of sensitive internal files, resulting in high confidentiality impact but no integrity or availability disruption, as reflected in its CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and mapping to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

Advisories detailing the issue, including potential mitigations, are available from SpikeReply at https://github.com/SpikeReply/advisories/blob/0f15f5aefb959fbaff049da7cc3e36733e25b580/cve/buffalo/cve-2025-26167.md. The CVE was published on 2025-03-06.

Details

CWE(s)
CWE-200

CVEs Like This One

CVE-2025-24253Shared CWE-200
CVE-2026-39412Shared CWE-200
CVE-2024-55272Shared CWE-200
CVE-2026-4660Shared CWE-200
CVE-2025-22973Shared CWE-200
CVE-2026-2268Shared CWE-200
CVE-2025-27784Shared CWE-200
CVE-2025-8590Shared CWE-200
CVE-2026-24870Shared CWE-200
CVE-2024-57716Shared CWE-200

References