Description:
QNAP has published security advisory to address a vulnerability in QNAP product. The list of patches can be found at:
https://www.qnap.com/go/security-advisory/qsa-25-56
Affected Systems:
- QNAP NAS devices running QTS operating system versions prior to 5.2.x
For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.
Impact:
Successful exploitation of the vulnerability could lead to elevation of privilege on an affected system.
Recommendation:
Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://www.qnap.com/go/security-advisory/qsa-25-56
- https://www.hkcert.org/security-bulletin/qnap-nas-elevation-of-privilege-vulnerability_20260130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66276
