Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-22481

Опубликовано: 06 июн. 2025
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.

We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*

EPSS

Процентиль: 39%
0.00171
Низкий

8.8 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

github логотип

GHSA-r44q-4p76-qfj5

CVSS3: 8.8
github
8 месяцев назад

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

EPSS

Процентиль: 39%
0.00171
Низкий

8.8 High

CVSS3

Дефекты

CWE-77