Security Alert (A25-08-26): Multiple Vulnerabilities in QNAP Products


 

Published on: 01 September 2025

Share on Facebook    Share on X   

Description:

QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The list of patches can be found at:
https://www.qnap.com/en/security-advisory/QSA-25-19
https://www.qnap.com/en/security-advisory/QSA-25-20
https://www.qnap.com/en/security-advisory/QSA-25-21
https://www.qnap.com/en/security-advisory/QSA-25-22
https://www.qnap.com/en/security-advisory/QSA-25-23
https://www.qnap.com/en/security-advisory/QSA-25-24
https://www.qnap.com/en/security-advisory/QSA-25-25
https://www.qnap.com/en/security-advisory/QSA-25-27
https://www.qnap.com/en/security-advisory/QSA-25-28
https://www.qnap.com/en/security-advisory/QSA-25-29

 

Affected Systems:

  • QNAP NAS devices running File Station 5 versions prior to 5.5.6.4907
  • QNAP NAS devices running HybridDesk Station versions prior to 4.2.18
  • QNAP NAS devices running Legacy VioStor NVR: QVR versions prior to 5.1.6 build 20250621
  • QNAP NAS devices running License Center versions prior to 1.9.51
  • QNAP NAS devices running Photo Station versions prior to 6.4.5 (2025/01/02)
  • QNAP NAS devices running Qsync Central versions prior to 5.0.0.0 (2025/06/13)
  • QNAP NAS devices running QTS operating system versions prior to 5.2.5.3145 build 20250526
  • QNAP NAS devices running QuRouter versions prior to 2.5.1.060
  • QNAP NAS devices running QuTS hero operating system versions prior to h5.2.5.3138 build 20250519

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, information disclosure, security restriction bypass or tampering on an affected system.

 

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.qnap.com/en/security-advisory/QSA-25-19
  • https://www.qnap.com/en/security-advisory/QSA-25-20
  • https://www.qnap.com/en/security-advisory/QSA-25-21
  • https://www.qnap.com/en/security-advisory/QSA-25-22
  • https://www.qnap.com/en/security-advisory/QSA-25-23
  • https://www.qnap.com/en/security-advisory/QSA-25-24
  • https://www.qnap.com/en/security-advisory/QSA-25-25
  • https://www.qnap.com/en/security-advisory/QSA-25-27
  • https://www.qnap.com/en/security-advisory/QSA-25-28
  • https://www.qnap.com/en/security-advisory/QSA-25-29
  • https://www.hkcert.org/security-bulletin/qnap-nas-multiple-vulnerabilities_20250901
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22995
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45188
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42464
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12923
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38439 (to CVE-2024-38441)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22483
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29874 (to CVE-2025-29875)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29878 (to CVE-2025-29879)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29882
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29886 (to CVE-2025-29890)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29893 (to CVE-2025-29894)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29898 (to CVE-2025-29900)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30260 (to CVE-2025-30265)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30267 (to CVE-2025-30268)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30270 (to CVE-2025-30275)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30277 (to CVE-2025-30278)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33032 (to CVE-2025-33033)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33036 (to CVE-2025-33038)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-44015
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52856
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52861


Tag: NAS , QNAP File Station , QNAP HybridDesk , QNAP Legacy VioStor , QNAP Photo Station , Qsync , QTS , QuRouter , QuTS hero
Tags