Qnap QTS and QuTS hero Command Injection (CVE-2025-30264)

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145...

EUVD-2025-32340

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

CVE-2025-30273

CVE-2025-30273 is an out-of-bounds write vulnerability affecting QNAP QTS and QuTS hero. The issue allows a remote attacker who gains a user account to modify or corrupt memory, with network access as the attack vector and no user interaction required. Affected versions have been fixed in QTS 5.2...

CVE-2024-32763

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...