Vulnerabilities ›

CVE-2025-9110

High

QNAP QTS/QuTS hero Sensitive System Information Exposure Vulnerability (CVE-2025-9110)

CWE-497 — Weakness Type

                    Published: Jan 2, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.

We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
QuTS hero h5.3.1.3250 build 20250912 and later

🤖 AI Executive Summary

QNAP QTS and QuTS hero operating systems contain a vulnerability (CVE-2025-9110) allowing remote attackers to read sensitive application data through unauthorized access to system information. The vulnerability affects multiple versions prior to QTS 5.2.8.3332 and QuTS hero h5.2.8.3321/h5.3.1.3250. CVSS score of 7.5 indicates high severity with potential for significant data exposure.

🤖

Queued for AI Analysis

This CVE will be auto-analyzed on the next cron run.

🔗 References & Sources 1

🔗

https://www.qnap.com/en/security-advisory/qsa-25-51

security@qnapsecurity.com.tw

Vendor Advisory

📦 Affected Products / CPE 38 entries

qnap:qts:5.2.0.2737

qnap:qts:5.2.0.2744

qnap:qts:5.2.0.2782

qnap:qts:5.2.0.2802

qnap:qts:5.2.0.2823

qnap:qts:5.2.0.2851

qnap:qts:5.2.0.2860

qnap:qts:5.2.1.2930

qnap:qts:5.2.2.2950

qnap:qts:5.2.3.3006

qnap:qts:5.2.4.3070

qnap:qts:5.2.4.3079

qnap:qts:5.2.4.3092

qnap:qts:5.2.5.3145

qnap:qts:5.2.6.3195

qnap:qts:5.2.6.3229

qnap:qts:5.2.7.3256

qnap:qts:5.2.7.3297

qnap:quts_hero:h5.2.0.2737

qnap:quts_hero:h5.2.0.2782

qnap:quts_hero:h5.2.0.2789

qnap:quts_hero:h5.2.0.2802

qnap:quts_hero:h5.2.0.2823

qnap:quts_hero:h5.2.0.2851

qnap:quts_hero:h5.2.0.2860

qnap:quts_hero:h5.2.1.2929

qnap:quts_hero:h5.2.1.2940

qnap:quts_hero:h5.2.2.2952

qnap:quts_hero:h5.2.3.3006

qnap:quts_hero:h5.2.4.3070

qnap:quts_hero:h5.2.4.3079

qnap:quts_hero:h5.2.5.3138

qnap:quts_hero:h5.2.6.3195

qnap:quts_hero:h5.2.7.3256

qnap:quts_hero:h5.2.7.3297

qnap:quts_hero:h5.3.0.3115

qnap:quts_hero:h5.3.0.3145

qnap:quts_hero:h5.3.0.3192

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-497

EPSS0.02%

Exploit No

Patch ✓ Yes

Published 2026-01-02

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-497

🏢 Vendor Advisories

🔗 https://www.qnap.com/en/security-advisory/qsa-25-51

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2025-9110

Queued for AI Analysis

Introduce Yourself

Sign In Required