CVE Catalog

CVE-2025-59381

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

17th percentile - higher than 17% of all known CVEs

Summary

A path traversal vulnerability has been reported to affect several QNAP operating system versions. A remote attacker with an administrator account can exploit this vulnerability to read the contents of unexpected files or system data.

Risk Assessment

This vulnerability poses a risk of unauthorized access to sensitive data, potentially leading to serious security breaches within the organization.

Recommendation

It is recommended to update the system to QTS version 5.2.8.3332 or later, QuTS hero h5.2.8.3321 or later, or QuTS hero h5.3.2.3354 or later to mitigate this vulnerability.

Original NVD description (English source)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.2.3354 build 20251225 and later

Vulnerability data from NVD (NIST) · CISA KEV · EPSS