CVE-2025-52861
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-09-02
Assigner: QNAP Systems, Inc.
Description
Description
A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
VioStor 5.1.6 build 20250621 and later
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | viostor | 5.1.6 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue in VioStor. If a remote attacker obtains an administrator account, they can exploit this flaw to access and read files or system data that they should not normally be able to access.
How can this vulnerability impact me? :
The vulnerability allows an attacker with administrator access to read unexpected files or system data, potentially exposing sensitive information and compromising system confidentiality and integrity.
What immediate steps should I take to mitigate this vulnerability?
Upgrade VioStor to version 5.1.6 build 20250621 or later to fix the vulnerability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70