PT-2025-40586 · Qnap · Qnap Qts+1
Coral
·
Published
2025-10-03
·
Updated
2025-10-03
·
CVE-2025-53406
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
QNAP QTS versions prior to 5.2.6.3195 build 20250715
QNAP QuTS hero versions prior to 5.2.6.3195 build 20250715
Description
A use of externally-controlled format string vulnerability exists in QNAP operating systems. If an attacker obtains an administrator account, they may be able to obtain secret data or modify memory.
Recommendations
Update QTS to version 5.2.6.3195 build 20250715 or later.
Update QuTS hero to version 5.2.6.3195 build 20250715 or later.
Fix
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qnap Qts
Qnap Quts Hero