CVE-2025-59381
MediumCVSS 4.9Exploitation Probability (EPSS)
Low risk17th percentile - higher than 17% of all known CVEs
Summary
A path traversal vulnerability has been reported to affect several QNAP operating system versions. A remote attacker with an administrator account can exploit this vulnerability to read the contents of unexpected files or system data.
Risk Assessment
This vulnerability poses a risk of unauthorized access to sensitive data, potentially leading to serious security breaches within the organization.
Recommendation
It is recommended to update the system to QTS version 5.2.8.3332 or later, QuTS hero h5.2.8.3321 or later, or QuTS hero h5.3.2.3354 or later to mitigate this vulnerability.
Original NVD description (English source)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.2.3354 build 20251225 and later

