CVE-2025-66848CRITICAL 9.8EPSS p58.6%

CVE-2025-66848CVE-2025-66848

Description

JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS1.01% probability of exploitation · percentile 58.6% · 2026-06-19T12:03:05Z
Published2025-12-30
Last modified2026-01-09

Underlying weaknesses· 1

CWE-94

References

  1. http://jd.com
  2. https://www.notion.so/JD-Cloud-Unauth-RCE-2d22b76e8e0c802c975bf186b208d0c2
  3. https://www.jdcloud.com/cn/

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-2561
CVE
CVE-2026-2563
CVE
CVE-2026-2562
CVE
CVE-2025-44635
CVE
CVE-2025-8693
CVE
CVE-2026-11413
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.