PT-2025-40558 · Qnap · Qts+1
Yuze Wu
·
Published
2025-10-03
·
Updated
2025-10-08
·
CVE-2025-47212
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QNAP versions prior to QTS 5.2.6.3195 build 20250715
QNAP versions prior to QuTS hero h5.2.6.3195 build 20250715
Description
A command injection issue exists in QNAP operating systems. A remote attacker with administrator privileges can execute arbitrary commands.
Recommendations
Update QTS to version 5.2.6.3195 build 20250715 or later.
Update QuTS hero to version h5.2.6.3195 build 20250715 or later.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qts
Quts Hero