CVE-2025-46616 · CRITICAL 9.9 · EPSS p44.1%

Description

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.60% probability of exploitation · percentile 44.1% · 2026-06-18T12:00:27Z
Published: 2025-04-25
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-434

References

  1. https://www.quantum.com/en/service-support/security-bulletins/stornext-gui-multiple-security-vulnerabilities-stornext-gui-multiple-security-vulnerabilities/

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Unrestricted Upload of File with Dangerous Type (cwe-434) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2025-67325
  - CVE-2025-37096
  - CVE-2025-32991
  - CVE-2025-37089
  - CVE-2025-37092
  - CVE-2025-8356

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.