What is the severity of CVE-2025-46617?

CVE-2025-46617 is classified as a high severity vulnerability due to the unauthorized access and potential modification of internal configurations.

How do I fix CVE-2025-46617?

To mitigate CVE-2025-46617, upgrade to Quantum StorNext version 7.2.4 or later.

What products are affected by CVE-2025-46617?

CVE-2025-46617 affects Quantum StorNext, StorNext RYO, StorNext Xcellis Workflow Director, and ActiveScale Cold Storage prior to version 7.2.4.

What kind of access does CVE-2025-46617 grant?

CVE-2025-46617 grants unauthorized access to internal StorNext configuration and allows modification of some software configuration parameters.

Is there a workaround for CVE-2025-46617?

There is no documented workaround for CVE-2025-46617; upgrading to a secure version is recommended.

Vulnerability/
CVE-2025-46617

high

7.2

CWE

798

EPSS

0.027%

25/4/2025

CVE-2025-46617

First published: Fri Apr 25 2025(Updated: )

Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Quantum StorNext	<7.2.4
Quantum StorNext	<7.2.4
Quantum StorNext	<7.2.4
Quantum ActiveScale Cold Storage	<7.2.4

Never miss a vulnerability like this again

Reference Links

https://www.quantum.com/en/service-support/security-bulletins/stornext-gui-multiple-security-vulnerabilities-stornext-gui-multiple-security-vulnerabilities/

Frequently Asked Questions

What is the severity of CVE-2025-46617?
CVE-2025-46617 is classified as a high severity vulnerability due to the unauthorized access and potential modification of internal configurations.
How do I fix CVE-2025-46617?
To mitigate CVE-2025-46617, upgrade to Quantum StorNext version 7.2.4 or later.
What products are affected by CVE-2025-46617?
CVE-2025-46617 affects Quantum StorNext, StorNext RYO, StorNext Xcellis Workflow Director, and ActiveScale Cold Storage prior to version 7.2.4.
What kind of access does CVE-2025-46617 grant?
CVE-2025-46617 grants unauthorized access to internal StorNext configuration and allows modification of some software configuration parameters.
Is there a workaround for CVE-2025-46617?
There is no documented workaround for CVE-2025-46617; upgrading to a secure version is recommended.

collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/description
agent/type
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/last-modified-date
agent/author
agent/event
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/quantum
canonical/quantum stornext
canonical/quantum activescale cold storage

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.