CVE-2025-22481

Published Jun 6, 2025

Last updated a month ago

CVSS high 8.7

Overview

Description
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later
Source
security@qnapsecurity.com.tw
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

security@qnapsecurity.com.tw
CWE-77

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidades en los productos de QNAP ❗CVE-2025-22481 ❗CVE-2025-29892 ❗CVE-2025-33031 ❗CVE-2025-30279 ➡️Más info: https://t.co/VNxsodrL8Z https://t.co/3nuXt2R8oc

    @CERTpy

    9 Jun 2025

    362 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.