CVE-2025-66273

216.73.217.22

· Published 10/06/2026 04:17 · Modified 10/06/2026 19:43

Labels: CVE-2025-66273 2026-06-10 CVE-2025-66273 CWE-78 [email protected]

Essential information

Published: 10/06/2026 04:17
Modified: 10/06/2026 19:43
Author: —
Creator: —
CVSS: 8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
qnap / qts	`cpe:2.3:o:qnap:qts:5.2.9.3410:::::::*`
qnap / quTS hero	`cpe:2.3:o:qnap:quTS_hero:h5.2.9.3410:::::::*`
qnap / quTS hero	`cpe:2.3:o:qnap:quTS_hero:h5.3.4.3500:::::::*`
qnap / quTS hero	`cpe:2.3:o:qnap:quTS_hero:h6.0.0.3397:::::::*`