CVE-2025-66848

Dec. 31, 2025, 8:42 p.m.

None
No Score

Description

JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.

Product(s) Impacted

Vendor Product Versions
Jd Cloud
  • Nas Router Ax1800
  • Nas Router Ax3000
  • Nas Router Ax6600
  • Nas Router Be6500
  • Nas Router Er1
  • Nas Router Er2
  • <4.3.1.r4308
  • <4.3.1.r4318
  • <4.5.1.r4533
  • <4.4.1.r4308
  • <4.5.1.r4518
  • <4.5.1.r4518

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a jd_cloud nas_router_ax1800 <4.3.1.r4308 / / / / / / /
a jd_cloud nas_router_ax3000 <4.3.1.r4318 / / / / / / /
a jd_cloud nas_router_ax6600 <4.5.1.r4533 / / / / / / /
a jd_cloud nas_router_be6500 <4.4.1.r4308 / / / / / / /
a jd_cloud nas_router_er1 <4.5.1.r4518 / / / / / / /
a jd_cloud nas_router_er2 <4.5.1.r4518 / / / / / / /

References

http://jd.com
https://www.notion.so/JD-Cloud-Unauth-RCE-2d22b76e8e0c802c975bf186b208d0c2

Tags

cve@mitre.org
2025-12-30
CVE-2025-66848

Timeline

Published: Dec. 30, 2025, 5:15 p.m.
Last Modified: Dec. 31, 2025, 8:42 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.