vulnerability
QNAP QTS: CVE-2025-9110: Multiple Vulnerabilities in QTS and QuTS hero
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jan 3, 2026 | Jan 15, 2026 | Jan 15, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Jan 3, 2026
Added
Jan 15, 2026
Modified
Jan 15, 2026
Description
Multiple vulnerabilities have been reported to affect several QNAP operating system versions: CVE-2025-9110: Exposure of sensitive system information to an unauthorized control sphere vulnerability If exploited, remote attackers can read application data. CVE-2025-48721, CVE-2025-62852: Buffer overflow vulnerabilities If a remote attacker gains access to an administrator account, they can then exploit the vulnerabilities to modify memory or crash processes. CVE-2025-59380, CVE-2025-59381: Path traversal vulnerabilities If a remote attacker gains access to an administrator account, they can then exploit the vulnerabilities to read the contents of unexpected files or system data. We have already fixed the vulnerabilities in the following versions:
Solution
qnap-qts-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.