QNAP QTS: CVE-2025-48729: Multiple Vulnerabilities in QTS and QuTS hero

Multiple vulnerabilities have been reported to affect certain QNAP operating system versions: CVE-2025-47211: Path traversal vulnerability If a remote attacker gains access to an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. CVE-2025-47212: Command injection vulnerability If a remote attacker gains access to an administrator account, they can then exploit the vulnerability to execute arbitrary commands. CVE-2025-47213, CVE-2025-47214, CVE-2025-48726, CVE-2025-48727, CVE-2025-48728, CVE-2025-48729, CVE-2025-52424, CVE-2025-52427, CVE-2025-52428, CVE-2025-52432, CVE-2025-52433, CVE-2025-52853, CVE-2025-52854, CVE-2025-52855, CVE-2025-52857, CVE-2025-52858, CVE-2025-52859, CVE-2025-52860, CVE-2025-52862, CVE-2025-52866: NULL pointer dereference vulnerabilities If a remote attacker gains access to an administrator account, they can then exploit the vulnerabilities to launch a denial-of-service (DoS) attack. CVE-2025-48730, CVE-2025-52429, CVE-2025-53406, CVE-2025-53407: Use of externally-controlled format string vulnerabilities If a remote attacker gains access to an administrator account, they can then exploit the vulnerabilities to obtain secret data or modify memory. We have already fixed the vulnerabilities in the following versions: