CVE-2025-9110

Low CVSS: 2.7

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.

We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
QuTS hero h5.3.1.3250 build 20250912 and later

Vendor

Qnap

Product

Qts

CWE

CWE-497

Yayın Tarihi

2026-01-02 16:17:05

Güncelleme

2026-01-06 13:55:15

Source Identifier

security@qnapsecurity.com.tw

KEV Date Added

Kategoriler

CWE-497 Qts LOW Qnap 2026

Referanslar

https://www.qnap.com/en/security-advisory/qsa-25-51

Benzer Kayıtlar

High

CVE-2026-22897

A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vul…

Medium

CVE-2026-22900

A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exp…

Medium

CVE-2026-22901

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, th…

Medium

CVE-2026-22902

A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator ac…

Medium

CVE-2025-59388

A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can th…

Low

CVE-2024-14025

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who…