Primary

Context

QNAP QTS and QuTS Hero Path Traversal Vulnerability Allowing Unauthorized File Access

Vulnerability

Patched

A path traversal vulnerability exists in QNAP QTS 5.2.x and QuTS hero h5.2.x. If a remote attacker gains administrator access, they can exploit this vulnerability to read unintended files or system data. The issue has been resolved in QTS 5.2.6.3195 build 20250715 and later, as well as QuTS hero h5.2.6.3195 build 20250715 and later.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive files or system data, potentially leading to further exploitation or information disclosure.

Remediation

Users are advised to update to QTS 5.2.6.3195 build 20250715 or QuTS hero h5.2.6.3195 build 20250715. Instructions for updating can be found in the QNAP Download Center or through the QTS/QuTS hero Control Panel under 'Firmware Update'.

Added: Oct 3, 2025, 7:36 PM

Updated: Oct 3, 2025, 7:36 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNAP QTS and QuTS Hero Path Traversal Vulnerability Allowing Unauthorized File Access

Vulnerability

Impact

Remediation

Affected Products

QNAP QTS

QNAP QuTS hero

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating