Qnap NAS: Unauthorized file system access possible
Security patches for Qnap's NAS operating systems QTS and QuTS hero close several vulnerabilities.
- Dennis Schirrmacher
Five vulnerabilities endanger Qnap network-attached storage (NAS) devices. The flaws are in the QTS and QuTS hero operating systems. Successful attacks can lead to DoS conditions and thus crashes.
Several vulnerabilities closed
According to a security advisory, one “critical” vulnerability (CVE-2025-66277) is considered the most dangerous: it allows attackers to access protected file system areas through a path traversal attack. What specifically happens then is not currently known. However, given the critical classification, it can be assumed that systems must be considered compromised after a successful attack.
Another advisory indicates that the DoS vulnerabilities are classified as “medium” and “low” (CVE-2025-47205, CVE-2025-58466, CVE-2025-66274, CVE-2025-59386, CVE-2025-48725). So far, there are no reports of attackers exploiting the vulnerabilities. The developers state that the security issues have been resolved in QTS 5.2.8.3350 build 20251216, QuTS hero h5.2.8.3350 build 20251216, and QuTS hero h5.3.2.3354 build 20251225.
(des)