CVE-2025-59385 QTS, QuTS hero

🗓️ 16 Dec 2025 02:25:16Reported by qnapType

CVE-2025-59385 authentication bypass by spoofing on QNAP OS; remote attackers access resources; fixed in latest builds.

Reporter	Title	Published	Views	Family All 11
CNNVD	QNAP Systems Hero和QNAP Systems QTS 安全漏洞	16 Dec 202500:00	–	cnnvd
CVE	CVE-2025-59385	16 Dec 202502:25	–	cve
EUVD	EUVD-2025-203489	16 Dec 202502:25	–	euvd
NCSC	Vulnerabilities fixed in QNAP operating systems	29 Dec 202509:17	–	ncsc
NVD	CVE-2025-59385	16 Dec 202503:15	–	nvd
OpenVAS	QNAP QTS Multiple Vulnerabilities (QSA-25-45)	11 Nov 202500:00	–	openvas
OpenVAS	QNAP QuTS hero Multiple Vulnerabilities (QSA-25-45)	11 Nov 202500:00	–	openvas
Positive Technologies	PT-2025-51363	16 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-59385	17 Dec 202503:07	–	redhatcve
Tenable Nessus	Qnap QTS and QuTS hero Authentication Bypass by Spoofing (CVE-2025-59385)	19 Jan 202600:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.2.7.3297 build 20251024",
        "status": "affected",
        "version": "5.2.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.2.7.3297 build 20251024",
        "status": "affected",
        "version": "h5.2.x",
        "versionType": "custom"
      },
      {
        "lessThan": "h5.3.1.3292 build 20251024",
        "status": "affected",
        "version": "h5.3.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-25-45

16 Dec 2025 02:25Current

CVSS 49.3

EPSS0.00601

CWE-290