FKIE_CVE-2025-9110
Vulnerability from fkie_nvd - Published: 2026-01-02 16:17 - Updated: 2026-01-06 13:55
Severity ?
Summary
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
QuTS hero h5.3.1.3250 build 20250912 and later
References
| URL | Tags | ||
|---|---|---|---|
| security@qnapsecurity.com.tw | https://www.qnap.com/en/security-advisory/qsa-25-51 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | qts | 5.2.0.2737 | |
| qnap | qts | 5.2.0.2744 | |
| qnap | qts | 5.2.0.2782 | |
| qnap | qts | 5.2.0.2802 | |
| qnap | qts | 5.2.0.2823 | |
| qnap | qts | 5.2.0.2851 | |
| qnap | qts | 5.2.0.2860 | |
| qnap | qts | 5.2.1.2930 | |
| qnap | qts | 5.2.2.2950 | |
| qnap | qts | 5.2.3.3006 | |
| qnap | qts | 5.2.4.3070 | |
| qnap | qts | 5.2.4.3079 | |
| qnap | qts | 5.2.4.3092 | |
| qnap | qts | 5.2.5.3145 | |
| qnap | qts | 5.2.6.3195 | |
| qnap | qts | 5.2.6.3229 | |
| qnap | qts | 5.2.7.3256 | |
| qnap | qts | 5.2.7.3297 | |
| qnap | quts_hero | h5.2.0.2737 | |
| qnap | quts_hero | h5.2.0.2782 | |
| qnap | quts_hero | h5.2.0.2789 | |
| qnap | quts_hero | h5.2.0.2802 | |
| qnap | quts_hero | h5.2.0.2823 | |
| qnap | quts_hero | h5.2.0.2851 | |
| qnap | quts_hero | h5.2.0.2860 | |
| qnap | quts_hero | h5.2.1.2929 | |
| qnap | quts_hero | h5.2.1.2940 | |
| qnap | quts_hero | h5.2.2.2952 | |
| qnap | quts_hero | h5.2.3.3006 | |
| qnap | quts_hero | h5.2.4.3070 | |
| qnap | quts_hero | h5.2.4.3079 | |
| qnap | quts_hero | h5.2.5.3138 | |
| qnap | quts_hero | h5.2.6.3195 | |
| qnap | quts_hero | h5.2.7.3256 | |
| qnap | quts_hero | h5.2.7.3297 | |
| qnap | quts_hero | h5.3.0.3115 | |
| qnap | quts_hero | h5.3.0.3145 | |
| qnap | quts_hero | h5.3.0.3192 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*",
"matchCriteriaId": "F4026A4B-7AB4-48EA-971D-88DFDD3F01A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*",
"matchCriteriaId": "1F3F99BB-0D68-4D74-92C8-59E24F96C50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*",
"matchCriteriaId": "1DE63B4D-8E84-41D3-B1F3-04AE6040242B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*",
"matchCriteriaId": "75746563-C648-4E55-9126-703F915F8B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*",
"matchCriteriaId": "AF6BA027-A635-4E90-80C8-130B10AB3D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*",
"matchCriteriaId": "5406F242-A215-4B07-809F-7A7CE55ACE71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*",
"matchCriteriaId": "FA17778E-B3B1-44DD-B4E9-5AD25A3E804C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*",
"matchCriteriaId": "E3FC6646-2247-4ED9-9643-CD376674E2E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*",
"matchCriteriaId": "62170342-067D-442C-88FB-64A4BEA8AFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*",
"matchCriteriaId": "82464467-E1E6-47E1-BDE5-DDFA52994A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*",
"matchCriteriaId": "75AE902C-0516-4341-9BF0-21D8803E091C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:*",
"matchCriteriaId": "5B005D70-8C91-48D4-B09A-9EBE2E9E5090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:*",
"matchCriteriaId": "82FE5F89-A0E1-4D1B-A363-0A0D4141F502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:*",
"matchCriteriaId": "B21A9EE0-88D5-42D9-BA21-D55518FCC6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:*",
"matchCriteriaId": "3B575CF2-21F3-4435-B6B4-61D79B34429C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:*:*:*:*:*:*",
"matchCriteriaId": "E2EBD305-91E3-4BCC-835B-4878DF4DA3B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913:*:*:*:*:*:*",
"matchCriteriaId": "554CB021-1477-4E63-8EBA-74056B4D8DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:5.2.7.3297:build_20251024:*:*:*:*:*:*",
"matchCriteriaId": "153F90E1-A54F-4B8D-AEEA-4643421AFF7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*",
"matchCriteriaId": "CDCBB36A-CB91-4BA3-A6ED-952E6A4A0481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*",
"matchCriteriaId": "240BCFF1-CCCB-4C07-8E2C-7F43F68407FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*",
"matchCriteriaId": "D3AF7276-77E0-474A-B10F-AC15BC5FCF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*",
"matchCriteriaId": "5FA8C3EC-B6C0-44A8-BC91-18E3E90C63AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*",
"matchCriteriaId": "889336D2-D9F7-4CC0-A22F-B837B5E77751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*",
"matchCriteriaId": "98F72EB9-0EE3-416A-B9BB-2512F5203A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*",
"matchCriteriaId": "9110382F-57C2-4C2E-82D1-3246C882B2C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*",
"matchCriteriaId": "DB92EFD7-47DD-4AAC-97BD-A2D4918FF4ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*",
"matchCriteriaId": "78E38E23-1AD0-49E1-89FA-73DC2F496137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*",
"matchCriteriaId": "F2F302B6-26CC-4044-B480-4EBDBB90797F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*",
"matchCriteriaId": "BF0093B6-8D38-4D1E-AD71-79299123C2B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*",
"matchCriteriaId": "48A3CDAA-B0C6-4280-B1AC-DDD027F9D632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:*:*:*:*:*:*",
"matchCriteriaId": "1807DE4F-CDF3-4E3B-ADC1-9535EF1D60FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:*:*:*:*:*:*",
"matchCriteriaId": "68FF7342-A0AF-4E75-9CD6-D584B450B8AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:*:*:*:*:*:*",
"matchCriteriaId": "A8E84E3D-943C-4DF5-86D3-DCAC3C034B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913:*:*:*:*:*:*",
"matchCriteriaId": "17720E05-1BBF-4605-A777-FA4059B3C2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.7.3297:build_20251024:*:*:*:*:*:*",
"matchCriteriaId": "39CB5F1C-9811-499D-9D32-34B40E0D475E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.0.3115:build_20250430:*:*:*:*:*:*",
"matchCriteriaId": "4175C7F7-E946-41C6-8863-E23233B91A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.0.3145:build_20250530:*:*:*:*:*:*",
"matchCriteriaId": "DE16C73E-9291-44FD-A9CB-B7C127E67A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.0.3192:build_20250716:*:*:*:*:*:*",
"matchCriteriaId": "ED4023E4-6C28-413A-B7B1-6CEEBC48A1C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.8.3332 build 20251128 and later\nQuTS hero h5.2.8.3321 build 20251117 and later\nQuTS hero h5.3.1.3250 build 20250912 and later"
}
],
"id": "CVE-2025-9110",
"lastModified": "2026-01-06T13:55:15.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
}
]
},
"published": "2026-01-02T16:17:05.643",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-25-51"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-497"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…