CVE-2025-44015
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-29

Last updated on: 2025-12-08

Assigner: QNAP Systems, Inc.

Description
A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: HybridDesk Station 4.2.18 and later
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-29
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-44015
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
qnap hybriddesk_station From 4.2.0 (inc) to 4.2.18 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-44015 is a command injection vulnerability in QNAP's HybridDesk Station version 4.2.x. It allows an attacker who has local network access to execute arbitrary commands on the affected system, potentially compromising it. The vulnerability has been fixed in version 4.2.18 and later. [1]

Impact Analysis

If exploited, this vulnerability could allow an attacker on the local network to run arbitrary commands on your system, which may lead to unauthorized control, data compromise, or disruption of services. It is recommended to update HybridDesk Station to version 4.2.18 or later to mitigate this risk. [1]

Mitigation Strategies

To mitigate this vulnerability, immediately update HybridDesk Station to version 4.2.18 or later. This can be done by logging into QTS or QuTS hero as an administrator, accessing the App Center, searching for "HybridDesk Station," and clicking the Update button if available. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-44015. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart