Primary

Context

QNAP Photo Station XMR Mining Vulnerability

Vulnerability

Patched

A vulnerability allowing unauthorized cryptocurrency mining has been identified in QNAP Photo Station versions prior to 5.4.1 (for QTS 4.3.x) and 5.2.7 (for QTS 4.2.x). This vulnerability was discovered through internal research and is related to the execution of XMR mining programs.

Impact

Exploitation of this vulnerability leads to unauthorized cryptocurrency mining on the affected NAS device, which can cause increased wear on hardware and higher energy costs.

Remediation

Users are advised to upgrade QNAP Photo Station to version 5.4.1 or 5.2.7, depending on their NAS's QTS version. After upgrading, it is recommended to install or update the Malware Remover application to protect against new variants of mining malware.

Added: Nov 11, 2025, 10:16 AM

Updated: Nov 11, 2025, 10:16 AM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

0.6

exploitability

7.0

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

0.6

exploitability

7.0

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNAP Photo Station XMR Mining Vulnerability

Vulnerability

Impact

Remediation

Affected Products

QNAP Photo Station

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating