PT-2025-51363 · Qnap · Quts Hero+1
Le Mau Anh Phong
·
Published
2025-12-16
·
Updated
2025-12-17
·
CVE-2025-59385
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QNAP versions prior to QTS 5.2.7.3297 build 20251024
QNAP versions prior to QuTS hero h5.2.7.3297 build 20251024
QNAP versions prior to QuTS hero h5.3.1.3292 build 20251024
Description
An authentication bypass allows unauthorized access to resources. Attackers can exploit this issue to gain access to resources without proper authentication.
Recommendations
Update QTS to version 5.2.7.3297 build 20251024 or later.
Update QuTS hero to version h5.2.7.3297 build 20251024 or later.
Update QuTS hero to version h5.3.1.3292 build 20251024 or later.
Fix
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qts
Quts Hero