CVE-2025-9110

7.5 HIGH

Published: January 02, 2026 Modified: January 06, 2026

Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.1.3250 build 20250912 and later

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://www.qnap.com/en/security-advisory/qsa-25-51

Source: security@qnapsecurity.com.tw

Vendor Advisory

1 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.5 / 10.0

EPSS (Exploit Probability)

0.0%

6th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-497

Affected Vendors

qnap

Related CVEs

CVE-2026-4597 6.3

CVE-2026-4368 N/A

CVE-2026-3055 N/A

CVE-2026-23882 N/A

CVE-2026-23488 N/A