Summary: JPCERT/CC has issued a warning about critical vulnerabilities in STEALTHONE D220, D340, and D440 network storage servers, urging immediate firmware updates. The vulnerabilities, identified as CVE-2025-20016, CVE-2025-20055, and CVE-2025-20620, could allow attackers to execute arbitrary commands, gain unauthorized access, and steal administrative passwords. Users are advised to update their devices to the latest firmware to mitigate these risks.
Threat Actor: Unknown | unknown
Victim: Y’S Corporation | Y’S Corporation
Keypoints :
- Multiple vulnerabilities identified in STEALTHONE D220, D340, and D440 network storage servers.
- CVE-2025-20055 is a critical command injection vulnerability with a CVSS score of 9.8.
- Firmware updates are available and users are strongly advised to update immediately.