Qnap QTS and QuTS hero Improper Neutralization of Argument Delimiters in a Command (CVE-2025-62847)

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS...

CVE-2025-62847

creationtimestamp| type| source ---|---|--- 2025-12-30 05:34:04+00:00| seen| https://t.me/icscert/1382...

CVE-2025-62847

CVE-2025-62847 is an actual, documented vulnerability affecting QNAP QTS and QuTS hero. It is described as an improper neutralization of argument delimiters in a command, enabling an attacker to alter execution logic on affected systems. Fixed versions are QTS 5.2.7.3297 build 20251024 and later,...

PT-2025-45578

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.7.3297 build 20251024 QuTS hero versions prior to h5.2.7.3297 build 20251024 QuTS hero versions prior to h5.3.1.3292 build 20251024 Description The software contains an improper neutralization of argument delimiters ...