82
CVEs
1
Critical
13
High
0
KEV
0
PoC
10
Unpatched C/H
45.1%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
13
MEDIUM
65
LOW
3
Monthly CVE Trend
Affected Products (30)
Qts
189
Quts Hero
161
Qutscloud
18
Photo Station
9
Q Center
7
Qvr
7
File Station
6
Video Station
4
Qes
4
Music Station
3
Multimedia Console
3
Helpdesk
3
Signage Station
3
Viostor Network Video Recorder
3
Hybrid Backup Sync
2
Surveillance Station Pro
2
Qsync Central
2
Qss
2
Nas
2
Media Streaming Add On
2
Iartist Lite
2
Surveillance Station
2
Ej1600 Firmware
1
Tl R400S Firmware
1
Qvp 63B Firmware
1
Qusbcam2
1
Ts 469U Firmware
1
Tr 004 Firmware
1
Ts Ec1679U Rp Firmware
1
Qvp 85B Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-66277 | Symlink following vulnerability in multiple QNAP NAS operating system versions allows remote attackers to exploit link resolution for unauthorized access. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2025-66273 | Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows a remote attacker who has already obtained administrator credentials to execute arbitrary OS commands on the appliance. Reported by QNAP itself and tracked as EUVD-2025-210099, the issue affects multiple branches across QTS 5.2.x and QuTS hero 5.2.x, 5.3.x, and 6.0.x and is fixed in builds dated 2026-02-06 through 2026-05-20. No public exploit identified at time of analysis and the issue is not listed in CISA KEV. | HIGH | 8.6 | 0.5% | 44 |
|
| CVE-2025-66279 | Authenticated command injection in QNAP QTS and QuTS hero allows a remote attacker holding administrator credentials to execute arbitrary OS commands on the NAS appliance. The CVSS 4.0 base score of 8.6 reflects high impact across confidentiality, integrity, and availability, though exploitation requires high privileges (PR:H). No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; QNAP has released fixed builds across affected QTS and QuTS hero branches. | HIGH | 8.6 | 0.5% | 44 |
|
| CVE-2026-22893 | Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows attackers with administrator credentials to execute arbitrary OS commands on the appliance. The flaw spans multiple QTS and QuTS hero release trains (5.2.x, 5.3.x, and 6.0.x) and has been patched by QNAP across all affected branches. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV, but the post-authentication code execution primitive is highly valuable for attackers who have already harvested admin credentials. | HIGH | 8.6 | 0.5% | 44 |
|
| CVE-2025-52863 | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH] | HIGH | 8.1 | 0.1% | 41 |
No patch
|
| CVE-2025-52864 | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH] | HIGH | 8.1 | 0.1% | 41 |
No patch
|
| CVE-2025-52872 | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH] | HIGH | 8.1 | 0.1% | 41 |
No patch
|
| CVE-2025-48725 | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH] | HIGH | 8.1 | 0.1% | 41 |
No patch
|
| CVE-2024-14026 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. [CVSS 7.8 HIGH] | HIGH | 7.8 | 0.2% | 39 |
No patch
|
| CVE-2025-9110 | An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.0% | 38 |
No patch
|
| CVE-2025-47212 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later | HIGH | 7.2 | 0.1% | 36 |
|
| CVE-2025-66281 | NULL pointer dereference in QNAP QTS and QuTS hero NAS operating systems allows remote unauthenticated attackers to crash a network-facing service and cause a denial-of-service condition without any authentication or user interaction. Multiple active OS branches are affected - QTS 5.2.x and QuTS hero h5.2.x through h6.0.x - across a device population that is historically internet-exposed and frequently targeted. No public exploit has been identified and this vulnerability is not listed in CISA KEV, but the zero-authentication, network-accessible attack surface makes DoS attempts trivially repeatable against unpatched devices. | MEDIUM | 6.9 | 0.2% | 35 |
|
| CVE-2025-59381 | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM] | MEDIUM | 6.9 | 0.1% | 35 |
No patch
|
| CVE-2025-54154 | An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.1.1227 and later | MEDIUM | 6.8 | 0.1% | 34 |
|
| CVE-2025-47208 | Quts Hero versions up to h5.2.0.2737 is affected by allocation of resources without limits or throttling (CVSS 6.5). | MEDIUM | 6.5 | 0.2% | 33 |
No patch
|