← Voltar para CVEs
CVE-2025-62849
CRITICAL9.8
Descricao
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/16/2025
Ultima modificacao12/17/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
qnap:qtsqnap:quts_hero
Fraquezas (CWE)
CWE-89
Referencias
https://www.qnap.com/en/security-advisory/qsa-25-45(security@qnapsecurity.com.tw)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.