CVE-2025-52856
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-12-10
Assigner: QNAP Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | qvr | From 5.1.0 (inc) to 5.1.6 (exc) |
| qnap | qvr | 5.1.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow a remote attacker to gain unauthorized access to the VioStor system, potentially compromising system security and control. This could lead to unauthorized actions or data exposure on the affected device. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update your VioStor NVR firmware to version 5.1.6 build 20250621 or later. The update process involves logging into the VioStor NVR as an administrator, navigating to Control Panel > System Settings > Firmware Update, uploading the latest firmware file downloaded from the official QNAP website, and applying the update. Regularly updating firmware is recommended to maintain device security and protect against known vulnerabilities. [1]
Can you explain this vulnerability to me?
CVE-2025-52856 is an improper authentication vulnerability in the QVR firmware for legacy VioStor NVR devices. It allows a remote attacker to bypass authentication controls and compromise the security of the system without needing valid credentials. [1]