CVE-2025-52861

Published Aug 29, 2025

Last updated 6 days ago

CVSS high 7.0
VioStor

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-52861 is a path traversal vulnerability affecting VioStor. If a remote attacker gains an administrator account, they can exploit this vulnerability to read the contents of unexpected files or system data. The vulnerability has been fixed in VioStor version 5.1.6 build 20250621 and later. Users of VioStor versions prior to 5.1.6 are advised to update to the latest version to mitigate the risk.

Description
A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
Source
security@qnapsecurity.com.tw
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

security@qnapsecurity.com.tw
CWE-22

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

8

  1. 🚨Dos vulnerabilidades críticas en QNAP ⚠️ CVE-2025-52856 ⚠️ CVE-2025-52861 https://t.co/XF5zIilEoS https://t.co/HfU8o5vbjb

    @elhackernet

    6 Sept 2025

    2879 Impressions

    7 Retweets

    15 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  2. QNAPのレガシーVioStor NVR(QVR 5.1.x以前)に、認証回避&パストラバーサル脆弱性(CVE-2025-52856、CVE-2025-52861)発見。管理者権限なしでも侵入可、サーバー内ファイルが丸見えに。最新QVR 5.1.6以降にアップデート必

    @Simplex_rm

    30 Aug 2025

    153 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. QNAPは、古いVioStor NVRシステムのQVRファームウェアに影響を与える複数の脆弱性に対処するためのセキュリティパッチをリリースしました。重要な2つの脆弱性(CVE-2025-52856とCVE-2025-52861)が発見され、ユーザー

    @cyber_edu_jp

    30 Aug 2025

    63 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-52861 Path Traversal in VioStor Allows Unauthorized File Access via Administrator Account https://t.co/sWCEczr3p3

    @VulmonFeeds

    29 Aug 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-52861 A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to re… https://t.co/9aK0Gs2dCc

    @CVEnew

    29 Aug 2025

    180 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.