CVE-2025-9110

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2026-01-02

Last updated on: 2026-01-06

Assigner: QNAP Systems, Inc.

Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.1.3250 build 20250912 and later

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-01-02

Last Modified

2026-01-06

Generated

2026-05-27

AI Q&A

2026-01-02

EPSS Evaluated

2026-05-25

NVD

CVE-2025-9110

Affected Vendors & Products

Vendor	Product	Version / Range
qnap	qts	5.2.0.2737
qnap	qts	5.2.0.2744
qnap	qts	5.2.0.2782
qnap	qts	5.2.0.2802
qnap	qts	5.2.0.2823
qnap	qts	5.2.0.2851
qnap	qts	5.2.0.2860
qnap	qts	5.2.1.2930
qnap	qts	5.2.2.2950
qnap	qts	5.2.3.3006
qnap	qts	5.2.4.3070
qnap	qts	5.2.4.3079
qnap	qts	5.2.4.3092
qnap	qts	5.2.5.3145
qnap	qts	5.2.6.3195
qnap	qts	5.2.6.3229
qnap	qts	5.2.7.3256
qnap	qts	5.2.7.3297
qnap	quts_hero	h5.2.0.2737
qnap	quts_hero	h5.2.0.2782
qnap	quts_hero	h5.2.0.2789
qnap	quts_hero	h5.2.0.2802
qnap	quts_hero	h5.2.0.2823
qnap	quts_hero	h5.2.0.2851
qnap	quts_hero	h5.2.0.2860
qnap	quts_hero	h5.2.1.2929
qnap	quts_hero	h5.2.1.2940
qnap	quts_hero	h5.2.2.2952
qnap	quts_hero	h5.2.3.3006
qnap	quts_hero	h5.2.4.3070
qnap	quts_hero	h5.2.4.3079
qnap	quts_hero	h5.2.5.3138
qnap	quts_hero	h5.2.6.3195
qnap	quts_hero	h5.2.7.3256
qnap	quts_hero	h5.2.7.3297
qnap	quts_hero	h5.3.0.3115
qnap	quts_hero	h5.3.0.3145
qnap	quts_hero	h5.3.0.3192

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-497	The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability involves the exposure of sensitive system information to an unauthorized control sphere in several QNAP operating system versions. Remote attackers can exploit this flaw to read application data without authorization.

How can this vulnerability impact me? :

The vulnerability allows remote attackers to access sensitive application data without permission, potentially leading to data breaches or unauthorized information disclosure.

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, immediately update your QNAP operating system to the fixed versions: QTS 5.2.8.3332 build 20251128 or later, QuTS hero h5.2.8.3321 build 20251117 or later, or QuTS hero h5.3.1.3250 build 20250912 or later.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-9110

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart