vulnerability

QNAP QTS: CVE-2025-62849: Multiple Vulnerabilities in QTS and QuTS hero (PWN2OWN 2025)

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: Nov 8, 2025
Added: Nov 10, 2025
Modified: Dec 17, 2025

Description

Multiple vulnerabilities have been reported to affect certain QNAP operating system versions. We have already fixed the vulnerabilities in the following versions:

CVE-2025-62847: Improper neutralization of argument delimiters in a command vulnerability. If exploited, remote attackers can alter execution logic.

CVE-2025-62848: NULL pointer dereference vulnerability. If exploited, remote attackers can launch a denial-of-service (DoS) attack.

CVE-2025-62849: SQL injection vulnerability. If exploited, remote attackers can execute unauthorized code or commands.

CVE-2025-59385: Authentication bypass by spoofing vulnerability. If exploited, remote attackers can access resources which are not otherwise accessible without proper authentication.

Solution

qnap-qts-upgrade-latest