PatchSiren cyber security CVE debrief
CVE-2025-59381 QNAP Systems Inc. CVE debrief
A path traversal vulnerability has been reported in several QNAP operating system versions. If a remote attacker gains administrator account privileges, they can exploit the vulnerability to read the contents of unexpected files or system data.
- Vendor: QNAP Systems Inc.
- Product: QTS
- CVSS: MEDIUM 6.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-02
- Original CVE updated: 2026-06-09
- Advisory published: 2026-01-02
- Advisory updated: 2026-06-09
Who should care
Administrators of QNAP systems, particularly those using affected versions of QTS and QuTS hero, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
CVE-2025-59381 is a path traversal vulnerability that an attacker who already holds administrator privileges can exploit. Successful exploitation could lead to unauthorized access to sensitive files or system data.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to QTS 5.2.8.3332 build 20251128 or later
- Update to QuTS hero h5.2.8.3321 build 20251117 or later
- Update to QuTS hero h5.3.2.3354 build 20251225 or later
Evidence notes
The vulnerability has been fixed in the specified versions of QTS and QuTS hero. Users of affected versions should update their systems as soon as possible.
Official resources
- CVE-2025-59381 CVE record (CVE.org)
- CVE-2025-59381 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
CVE-2025-59381 was published on 2026-01-02T16:17:00.020Z and modified on 2026-06-09T08:16:26.270Z.