CVE-2025-59381

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2026-01-02

Last updated on: 2026-01-06

Assigner: QNAP Systems, Inc.

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-01-02

Last Modified

2026-01-06

Generated

2026-05-07

AI Q&A

2026-01-02

EPSS Evaluated

2026-05-05

NVD

CVE-2025-59381

Affected Vendors & Products

Vendor	Product	Version / Range
qnap	qts	5.2.0.2737
qnap	qts	5.2.0.2744
qnap	qts	5.2.0.2782
qnap	qts	5.2.0.2802
qnap	qts	5.2.0.2823
qnap	qts	5.2.0.2851
qnap	qts	5.2.0.2860
qnap	qts	5.2.1.2930
qnap	qts	5.2.2.2950
qnap	qts	5.2.3.3006
qnap	qts	5.2.4.3070
qnap	qts	5.2.4.3079
qnap	qts	5.2.4.3092
qnap	qts	5.2.5.3145
qnap	qts	5.2.6.3195
qnap	qts	5.2.6.3229
qnap	qts	5.2.7.3256
qnap	qts	5.2.7.3297
qnap	quts_hero	h5.2.0.2737
qnap	quts_hero	h5.2.0.2782
qnap	quts_hero	h5.2.0.2789
qnap	quts_hero	h5.2.0.2802
qnap	quts_hero	h5.2.0.2823
qnap	quts_hero	h5.2.0.2851
qnap	quts_hero	h5.2.0.2860
qnap	quts_hero	h5.2.1.2929
qnap	quts_hero	h5.2.1.2940
qnap	quts_hero	h5.2.2.2952
qnap	quts_hero	h5.2.3.3006
qnap	quts_hero	h5.2.4.3070
qnap	quts_hero	h5.2.4.3079
qnap	quts_hero	h5.2.5.3138
qnap	quts_hero	h5.2.6.3195
qnap	quts_hero	h5.2.7.3256
qnap	quts_hero	h5.2.7.3297
qnap	quts_hero	h5.3.0.3115
qnap	quts_hero	h5.3.0.3145
qnap	quts_hero	h5.3.0.3192

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-22	The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability is a path traversal issue affecting several QNAP operating system versions. If a remote attacker obtains an administrator account, they can exploit this vulnerability to read files or system data that they should not normally have access to.

How can this vulnerability impact me? :

If exploited, this vulnerability allows an attacker with administrator access to read unexpected files or system data, potentially exposing sensitive information and compromising system confidentiality.

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, immediately update your QNAP operating system to QTS version 5.2.8.3332 build 20251128 or later, or QuTS hero version h5.2.8.3321 build 20251117 or later, as these versions contain the fix for the vulnerability. Additionally, ensure that administrator accounts are secured to prevent unauthorized remote access.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-59381

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart