CVE-2025-66279 (GCVE-0-2025-66279)
Vulnerability from cvelistv5
Published
2026-06-10 03:05
Modified
2026-06-10 03:05
Severity ?
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
Summary
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Version: 5.2.0   < 5.2.9.3410 build 20260214
 Create a notification for this product.
   QNAP Systems Inc. QuTS hero Version: h5.2.0   < h5.2.9.3410 build 20260214
Version: h5.3.0   < h5.3.4.3500 build 20260520
Version: ?   < h6.0.0.3397 build 20260206
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.2.9.3410 build 20260214",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.2.9.3410 build 20260214",
              "status": "affected",
              "version": "h5.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "h5.3.4.3500 build 20260520",
              "status": "affected",
              "version": "h5.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "h6.0.0.3397 build 20260206",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bechir Bouali (@b3ch1r) from SecLab - TII"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.9.3410 build 20260214 and later\u003cbr\u003eQuTS hero h5.2.9.3410 build 20260214 and later\u003cbr\u003eQuTS hero h5.3.4.3500 build 20260520 and later\u003cbr\u003eQuTS hero h6.0.0.3397 build 20260206 and later\u003cbr\u003e"
            }
          ],
          "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T03:05:38.333Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-26-10"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.9.3410 build 20260214 and later\u003cbr\u003eQuTS hero h5.2.9.3410 build 20260214 and later\u003cbr\u003eQuTS hero h5.3.4.3500 build 20260520 and later\u003cbr\u003eQuTS hero h6.0.0.3397 build 20260206 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later"
        }
      ],
      "source": {
        "advisory": "QSA-26-10",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2025-66279",
    "datePublished": "2026-06-10T03:05:38.333Z",
    "dateReserved": "2025-11-26T09:25:37.833Z",
    "dateUpdated": "2026-06-10T03:05:38.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.