Vulnerability-Lookup

https://www.qnap.com/en/security-advisory/qsa-25-45

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "QNAP ist ein Hersteller von NAS (Network Attached Storage) L\u00f6sungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in QNAP NAS ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Appliance\n- BIOS/Firmware\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2529 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2529.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2529 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2529"
      },
      {
        "category": "external",
        "summary": "QNAP Security Advisory vom 2025-11-09",
        "url": "https://www.qnap.com/de-de/security-advisory/QSA-25-45"
      }
    ],
    "source_lang": "en-US",
    "title": "QNAP NAS QTS und QTS hero: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2025-12-15T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-16T08:39:58.383+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2529",
      "initial_release_date": "2025-11-09T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-09T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-12-15T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "QTS \u003c5.2.7.3297 build 20251024",
                "product": {
                  "name": "QNAP NAS QTS \u003c5.2.7.3297 build 20251024",
                  "product_id": "T048381"
                }
              },
              {
                "category": "product_version",
                "name": "QTS 5.2.7.3297 build 20251024",
                "product": {
                  "name": "QNAP NAS QTS 5.2.7.3297 build 20251024",
                  "product_id": "T048381-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:qnap:nas:qts__5.2.7.3297_build_20251024"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "QuTS hero \u003ch5.2.7.3297 build 20251024",
                "product": {
                  "name": "QNAP NAS QuTS hero \u003ch5.2.7.3297 build 20251024",
                  "product_id": "T048382"
                }
              },
              {
                "category": "product_version",
                "name": "QuTS hero h5.2.7.3297 build 20251024",
                "product": {
                  "name": "QNAP NAS QuTS hero h5.2.7.3297 build 20251024",
                  "product_id": "T048382-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:qnap:nas:quts_hero__h5.2.7.3297_build_20251024"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "QuTS hero \u003ch5.3.1.3292 build 20251024",
                "product": {
                  "name": "QNAP NAS QuTS hero \u003ch5.3.1.3292 build 20251024",
                  "product_id": "T048383"
                }
              },
              {
                "category": "product_version",
                "name": "QuTS hero h5.3.1.3292 build 20251024",
                "product": {
                  "name": "QNAP NAS QuTS hero h5.3.1.3292 build 20251024",
                  "product_id": "T048383-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:qnap:nas:quts_hero__h5.3.1.3292_build_20251024"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NAS"
          }
        ],
        "category": "vendor",
        "name": "QNAP"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59385",
      "product_status": {
        "known_affected": [
          "T048383",
          "T048382",
          "T048381"
        ]
      },
      "release_date": "2025-11-09T23:00:00.000+00:00",
      "title": "CVE-2025-59385"
    },
    {
      "cve": "CVE-2025-62847",
      "product_status": {
        "known_affected": [
          "T048383",
          "T048382",
          "T048381"
        ]
      },
      "release_date": "2025-11-09T23:00:00.000+00:00",
      "title": "CVE-2025-62847"
    },
    {
      "cve": "CVE-2025-62848",
      "product_status": {
        "known_affected": [
          "T048383",
          "T048382",
          "T048381"
        ]
      },
      "release_date": "2025-11-09T23:00:00.000+00:00",
      "title": "CVE-2025-62848"
    },
    {
      "cve": "CVE-2025-62849",
      "product_status": {
        "known_affected": [
          "T048383",
          "T048382",
          "T048381"
        ]
      },
      "release_date": "2025-11-09T23:00:00.000+00:00",
      "title": "CVE-2025-62849"
    }
  ]
}

CVE-2025-62849 (GCVE-0-2025-62849)

Vulnerability from cvelistv5 – Published: 2025-12-16 02:24 – Updated: 2025-12-17 04:55

Title

QTS, QuTS hero

Summary

An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

Severity ?

5.2 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

CWE

CWE-89

Assigner

qnap

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 5.2.x , < 5.2.7.3297 build 20251024 (custom)

Affected: h5.2.x , < h5.2.7.3297 build 20251024 (custom)
Affected: h5.3.x , < h5.3.1.3292 build 20251024 (custom)

Credits

Pwn2Own 2025 - DEVCORE

Show details on NVD website

https://www.qnap.com/en/security-advisory/qsa-25-45

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62849",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-17T04:55:48.298Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.2.7.3297 build 20251024",
              "status": "affected",
              "version": "5.2.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.2.7.3297 build 20251024",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            },
            {
              "lessThan": "h5.3.1.3292 build 20251024",
              "status": "affected",
              "version": "h5.3.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.2.7.3297_build_20251024",
                  "versionStartIncluding": "5.2.x",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "h5.2.7.3297_build_20251024",
                  "versionStartIncluding": "h5.2.x",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "h5.3.1.3292_build_20251024",
                  "versionStartIncluding": "h5.3.x",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pwn2Own 2025 - DEVCORE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.3.1.3292 build 20251024 and later\u003cbr\u003e"
            }
          ],
          "value": "An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T02:24:58.273Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-25-45"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.3.1.3292 build 20251024 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"
        }
      ],
      "source": {
        "advisory": "QSA-25-45",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2025-62849",
    "datePublished": "2025-12-16T02:24:58.273Z",
    "dateReserved": "2025-10-24T02:43:49.268Z",
    "dateUpdated": "2025-12-17T04:55:48.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62848 (GCVE-0-2025-62848)

Vulnerability from cvelistv5 – Published: 2025-12-16 02:25 – Updated: 2025-12-16 21:24

Title

QTS, QuTS hero

Summary

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

Severity ?

8.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

CWE

CWE-476

Assigner

qnap

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 5.2.x , < 5.2.7.3297 build 20251024 (custom)

Affected: h5.2.x , < h5.2.7.3297 build 20251024 (custom)
Affected: h5.3.x , < h5.3.1.3292 build 20251024 (custom)

Credits

Pwn2Own 2025 - DEVCORE

Show details on NVD website

https://www.qnap.com/en/security-advisory/qsa-25-45

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62848",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T21:24:45.780330Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T21:24:54.910Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.2.7.3297 build 20251024",
              "status": "affected",
              "version": "5.2.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.2.7.3297 build 20251024",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            },
            {
              "lessThan": "h5.3.1.3292 build 20251024",
              "status": "affected",
              "version": "h5.3.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.2.7.3297_build_20251024",
                  "versionStartIncluding": "5.2.x",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "h5.2.7.3297_build_20251024",
                  "versionStartIncluding": "h5.2.x",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "h5.3.1.3292_build_20251024",
                  "versionStartIncluding": "h5.3.x",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pwn2Own 2025 - DEVCORE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.3.1.3292 build 20251024 and later\u003cbr\u003e"
            }
          ],
          "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-129",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-129"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T02:25:04.815Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-25-45"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.3.1.3292 build 20251024 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"
        }
      ],
      "source": {
        "advisory": "QSA-25-45",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2025-62848",
    "datePublished": "2025-12-16T02:25:04.815Z",
    "dateReserved": "2025-10-24T02:43:45.373Z",
    "dateUpdated": "2025-12-16T21:24:54.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62847 (GCVE-0-2025-62847)

Vulnerability from cvelistv5 – Published: 2025-12-16 02:25 – Updated: 2025-12-16 21:25

Title

QTS, QuTS hero

Summary

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

Severity ?

6.6 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

CWE

CWE-88

Assigner

qnap

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 5.2.x , < 5.2.7.3297 build 20251024 (custom)

Affected: h5.2.x , < h5.2.7.3297 build 20251024 (custom)
Affected: h5.3.x , < h5.3.1.3292 build 20251024 (custom)

Credits

Pwn2Own 2025 - DEVCORE

Show details on NVD website

https://www.qnap.com/en/security-advisory/qsa-25-45

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T21:25:16.928426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T21:25:23.090Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.2.7.3297 build 20251024",
              "status": "affected",
              "version": "5.2.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.2.7.3297 build 20251024",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            },
            {
              "lessThan": "h5.3.1.3292 build 20251024",
              "status": "affected",
              "version": "h5.3.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.2.7.3297_build_20251024",
                  "versionStartIncluding": "5.2.x",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "h5.2.7.3297_build_20251024",
                  "versionStartIncluding": "h5.2.x",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "h5.3.1.3292_build_20251024",
                  "versionStartIncluding": "h5.3.x",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pwn2Own 2025 - DEVCORE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.3.1.3292 build 20251024 and later\u003cbr\u003e"
            }
          ],
          "value": "An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-137",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-137"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-88",
              "description": "CWE-88",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T02:25:11.210Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-25-45"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.2.7.3297 build 20251024 and later\u003cbr\u003eQuTS hero h5.3.1.3292 build 20251024 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"
        }
      ],
      "source": {
        "advisory": "QSA-25-45",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2025-62847",
    "datePublished": "2025-12-16T02:25:11.210Z",
    "dateReserved": "2025-10-24T02:43:45.373Z",
    "dateUpdated": "2025-12-16T21:25:23.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59385 (GCVE-0-2025-59385)

Vulnerability from cvelistv5 – Published: 2025-12-16 02:25 – Updated: 2025-12-17 04:55

Title

QTS, QuTS hero

Summary

An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

Severity ?

8.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

CWE

CWE-290

Assigner

qnap

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 5.2.x , < 5.2.7.3297 build 20251024 (custom)

Affected: h5.2.x , < h5.2.7.3297 build 20251024 (custom)
Affected: h5.3.x , < h5.3.1.3292 build 20251024 (custom)

Credits

Le Mau Anh Phong at Verichains Cyber Force

Show details on NVD website