CVE-2025-66848
Published: 30 December 2025
Summary
CVE-2025-66848 is a critical-severity Code Injection (CWE-94) vulnerability in Jdcloud Ax1800 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 41.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2025-66848 is an unauthorized remote command execution vulnerability (CWE-94) present in JD Cloud NAS routers. Affected models and versions include AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier). The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-12-30.
Remote attackers with network access to affected routers can exploit this vulnerability without authentication, privileges, or user interaction. Successful exploitation enables arbitrary command execution, potentially leading to high-impact compromise of confidentiality, integrity, and availability on the targeted devices.
Mitigation guidance is available in vendor advisories, including those at http://jd.com, https://www.notion.so/JD-Cloud-Unauth-RCE-2d22b76e8e0c802c975bf186b208d0c2, and https://www.jdcloud.com/cn/.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-205835
Vulnerability details
JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.
- CWE(s): CWE-94 (Code Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthorized remote command execution (RCE) on public-facing JD Cloud NAS routers without authentication, directly facilitating T1190: Exploit Public-Facing Application.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Requires timely identification, reporting, and remediation of flaws such as this unauthorized remote command execution vulnerability in router firmware.
- Explicitly identifies, authorizes, and controls actions performable without identification or authentication, preventing unauthorized remote command execution.
- Monitors and controls communications at external interfaces, restricting network access to vulnerable NAS routers and blocking exploitation attempts.