CVE-2025-59381 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-59381

Analyzed

More Info Official Page

Source-security@qnapsecurity.com.tw

Published At-02 Jan, 2026 | 16:17

Updated At-06 Jan, 2026 | 13:57

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	4.6	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 4.0

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 4.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CPE Matches

QNAP Systems, Inc.

>>qts>>5.2.0.2737

cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.0.2744

cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.0.2782

cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.0.2802

cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.0.2823

cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.0.2851

cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.0.2860

cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.1.2930

cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.2.2950

cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.3.3006

cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.4.3070

cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.4.3079

cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.4.3092

cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.5.3145

cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.6.3195

cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.6.3229

cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.7.3256

cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.2.7.3297

cpe:2.3:o:qnap:qts:5.2.7.3297:build_20251024:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.0.2737

cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.0.2782

cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.0.2789

cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.0.2802

cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.0.2823

cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.0.2851

cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.0.2860

cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.1.2929

cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.1.2940

cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.2.2952

cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.3.3006

cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.4.3070

cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.4.3079

cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.5.3138

cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.6.3195

cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.7.3256

cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.2.7.3297

cpe:2.3:o:qnap:quts_hero:h5.2.7.3297:build_20251024:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.3.0.3115

cpe:2.3:o:qnap:quts_hero:h5.3.0.3115:build_20250430:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.3.0.3145

cpe:2.3:o:qnap:quts_hero:h5.3.0.3145:build_20250530:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.3.0.3192

cpe:2.3:o:qnap:quts_hero:h5.3.0.3192:build_20250716:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	security@qnapsecurity.com.tw

CWE ID: CWE-22

Type: Primary

Source: security@qnapsecurity.com.tw

References

Hyperlink	Source	Resource
https://www.qnap.com/en/security-advisory/qsa-25-51	security@qnapsecurity.com.tw	Vendor Advisory

Hyperlink: https://www.qnap.com/en/security-advisory/qsa-25-51

Source: security@qnapsecurity.com.tw

Resource:

Vendor Advisory