
QNAP Nine Security Advisories on Resolved Vulnerabilities

Concerning File Station 5, Qsync Central, License Center, QTS and QuTS hero NAS OS, OpenSSH, QuRouter, and Tornado

QNAP Systems, Inc. has published security enhancements addressing vulnerabilities that could affect specific versions of QNAP products.


Use the following information and solutions to correct the security issues and vulnerabilities.

This advisory includes the following:

Multiple Vulnerabilities in File Station 5     
Security ID: QSA-25-09
Release date: June 7, 2025
CVE identifier: CVE-2025-22486 | CVE-2025-29883 | CVE-2025-29884 | CVE-2025-29885
Severity: Important
Status: Resolved
Affected products: File Station 5 version 5.5.x

Summary
Multiple improper certificate validation vulnerabilities have been reported to affect File Station 5. If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to compromise the security of the system.

The company has already fixed the vulnerabilities in the following version:

Affected Product | Fixed Version
File Station 5 version 5.5.x | File Station 5 version 5.5.6.4791 and later


Multiple Vulnerabilities in Qsync Central
Security ID: QSA-25-10
Release date: June 7, 2025
CVE identifier: CVE-2025-22482 | CVE-2025-29892
Severity: Important
Status: Resolved
Affected products: Qsync Central 4.5.x

Summary
Multiple vulnerabilities have been reported to affect Qsync Central:

  • CVE-2025-22482: Use of externally-controlled format string vulnerability
    If a remote attacker gains access to a user account, they can then exploit the vulnerability to obtain secret data or modify memory.

  • CVE-2025-29892: SQL injection vulnerability
    If a remote attacker gains access to a user account, they can then exploit the vulnerability to execute unauthorized code or commands.

The company has already fixed the vulnerabilities in the following version:

Affected Product | Fixed Version
Qsync Central 4.5.x | Qsync Central 4.5.0.6 (2025/03/20) and later


Vulnerability in License Center    
Security ID: QSA-25-11
Release date: June 7, 2025
CVE identifier: CVE-2024-50406
Severity: Moderate
Status: Resolved
Affected products: License Center 1.9.x

Summary
A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If a remote attacker gains access to a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data.

The company has already fixed the vulnerability in the following version:

Affected Product | Fixed Version
License Center 1.9.x | License Center 1.9.49 and later


Multiple Vulnerabilities in QTS and QuTS hero   
Security ID: QSA-25-12
Release date: June 7, 2025
CVE identifier: CVE-2025-22481 | CVE-2024-56805
Severity: Important
Status: Resolved
Affected products: QTS 5.2.x, QuTS hero h5.2.x

Summary
Multiple vulnerabilities have been reported to affect QTS and QuTS hero:

  • CVE-2025-22481: Command injection vulnerability
    If a remote attacker gains access to a user account, they can then exploit the vulnerability to execute arbitrary commands.

  • CVE-2024-56805: Buffer overflow vulnerability
    If a remote attacker gains access to a user account, they can then exploit the vulnerability to modify memory or crash processes.

The company has already fixed the vulnerabilities in the following versions:

Affected Product | Fixed Version
QTS 5.2.x | QTS 5.2.4.3079 build 20250321 and later
QuTS hero h5.2.x | QuTS hero h5.2.4.3079 build 20250321 and later


Vulnerability in OpenSSH     
Security ID: QSA-25-13
Release date: June 7, 2025
CVE identifier: CVE-2024-6387
Severity: Important
Status: Resolved
Affected products: QES 2.2.0

Summary
A vulnerability has been reported in OpenSSH that affects QES.

The company has already fixed the vulnerability in the following version:

Affected Product | Fixed Version
QES 2.2.0 | QES 2.2.1 build 20250304 and later


Multiple Vulnerabilities in OpenSSH    
Security ID: QSA-25-14
Release date: June 7, 2025
CVE identifier: CVE-2025-26465 | CVE-2025-26466
Severity: Important
Status: Resolved
Affected products: QTS 5.2.x, QuTS hero h5.2.x

Summary
Multiple vulnerabilities have been reported in OpenSSH that affect QTS and QuTS hero.

The company has already fixed the vulnerabilities in the following versions:

Affected Product | Fixed Version
QTS 5.2.x | QTS 5.2.4.3079 build 20250321 and later
QuTS hero h5.2.x | QuTS hero h5.2.4.3079 build 20250321 and later


Multiple Vulnerabilities in QuRouter    
Security ID: QSA-25-15
Release date: June 7, 2025
CVE identifier: CVE-2024-13087 | CVE-2024-13088
Severity: Moderate
Status: Resolved
Affected products: QuRouter 2.4.x, 2.5.x

Summary
Multiple vulnerabilities have been reported to affect QuRouter:

  • CVE-2024-13087: Command injection vulnerability
    If an attacker gains access to the local network and also to an administrator account, they can then exploit the vulnerability to execute arbitrary commands.

  • CVE-2024-13088: Improper authentication vulnerability
    If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system.

The company has already fixed the vulnerabilities in the following version:

Affected Product | Fixed Version
QuRouter 2.4.x and 2.5.x | QuRouter 2.5.0.140 and later


Multiple Vulnerabilities in File Station 5    
Security ID: QSA-25-16
Release date: June 7, 2025
CVE identifier: CVE-2025-22484 | CVE-2025-22490 | CVE-2025-29871 | CVE-2025-29872 | CVE-2025-29873 | CVE-2025-29876 | CVE-2025-29877 | CVE-2025-33035 | CVE-2025-30279 | CVE-2025-33031
Severity: Important
Status: Resolved
Affected products: File Station 5 version 5.5.x

Summary
Multiple vulnerabilities have been reported to affect File Station 5:

  • CVE-2025-22484, CVE-2025-29872: Allocation of resources without limits or throttling vulnerabilities
    If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to prevent other systems, applications, or processes from accessing the same type of resource.

  • CVE-2025-22490, CVE-2025-29873, CVE-2025-29876, CVE-2025-29877: NULL pointer dereference vulnerabilities
    If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to launch a denial-of-service (DoS) attack.

  • CVE-2025-29871: Out-of-bounds read vulnerability
    If a local attacker gains access to an administrator account, they can then exploit the vulnerability to obtain secret data.

  • CVE-2025-33035: Path traversal vulnerability
    If a remote attacker gains access to a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

  • CVE-2025-30279, CVE-2025-33031: Improper certificate validation vulnerabilities
    If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to compromise the security of the system.

The company has already fixed the vulnerabilities in the following version:

Affected Product | Fixed Version
File Station 5 version 5.5.x | File Station 5 version 5.5.6.4847 and later


Vulnerability in Tornado   
Security ID: QSA-25-17
Release date: June 7, 2025
CVE identifier: CVE-2023-28370
Severity: Moderate
Status: Resolved
Affected products: QES 2.2.0

Summary
A vulnerability has been reported in Tornado that affects QES 2.2.0.

The company has already fixed the vulnerability in the following version:

Affected Product | Fixed Version
QES 2.2.0 | QES 2.2.1 build 20241231 and later


For questions regarding these issues, contact the company.
