216.73.217.22

CVE-2025-66277

· Published 11/02/2026 13:15 · Modified 12/02/2026 17:01

Labels: CVE-2025-66277 2026-02-11CVE-2025-66277CWE-59[email protected]

Essential information

Published
11/02/2026 13:15
Modified
12/02/2026 17:01
Author
Creator
CVSS
9.2 CRITICAL (v3) 9.2 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build 20251216 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h5.2.8.3350 build 20251216 and later

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
qnap / qts cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.7.3297:build_20251024:*:*:*:*:*:*
qnap / qts cpe:2.3:o:qnap:qts:5.2.8.3332:build_20251128:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.7.3297:build_20251024:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.8.3321:build_20251117:*:*:*:*:*:*

References