A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-25-36 |
![]() ![]() |
History
Mon, 06 Oct 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Qnap
Qnap qts Qnap quts Hero |
|
Vendors & Products |
Qnap
Qnap qts Qnap quts Hero |
Fri, 03 Oct 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 03 Oct 2025 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later | |
Title | QTS, QuTS hero | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: qnap
Published: 2025-10-03T18:10:04.837Z
Updated: 2025-10-03T18:53:40.403Z
Reserved: 2025-05-02T05:58:18.475Z
Link: CVE-2025-47211

Updated: 2025-10-03T18:52:49.293Z

Status : Awaiting Analysis
Published: 2025-10-03T19:15:43.800
Modified: 2025-10-06T14:56:47.823
Link: CVE-2025-47211

No data.