PT-2025-24292 · Qnap · Qnap Qts+1

Izut

Published

2025-06-06

Updated

2025-06-10

CVE-2025-22481

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.4.3079 build 20250321 QNAP QuTS hero versions prior to h5.2.4.3079 build 20250321

Description A command injection issue has been reported, affecting several QNAP operating system versions. This could allow remote attackers with user access to execute arbitrary commands.

Recommendations For QNAP QTS versions prior to 5.2.4.3079 build 20250321, update to QTS 5.2.4.3079 build 20250321 or later. For QNAP QuTS hero versions prior to h5.2.4.3079 build 20250321, update to QuTS hero h5.2.4.3079 build 20250321 or later.

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2025-22481

Affected Products

Qnap Qts

Qnap Quts Hero

PT-2025-24292 · Qnap · Qnap Qts+1

CVE-2025-22481

Weakness Enumeration

Related Identifiers

Affected Products

References · 6