{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-59385", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2025-09-15T08:35:00.660Z", "datePublished": "2025-12-16T02:25:16.661Z", "dateUpdated": "2025-12-17T04:55:46.464Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QTS", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "5.2.7.3297 build 20251024", "status": "affected", "version": "5.2.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "QuTS hero", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "h5.2.7.3297 build 20251024", "status": "affected", "version": "h5.2.x", "versionType": "custom"}, {"lessThan": "h5.3.1.3292 build 20251024", "status": "affected", "version": "h5.3.x", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.2.7.3297_build_20251024", "versionStartIncluding": "5.2.x", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*", "versionEndExcluding": "h5.2.7.3297_build_20251024", "versionStartIncluding": "h5.2.x", "vulnerable": true}, {"criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*", "versionEndExcluding": "h5.3.1.3292_build_20251024", "versionStartIncluding": "h5.3.x", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Le Mau Anh Phong at Verichains Cyber Force"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.2.7.3297 build 20251024 and later<br>QuTS hero h5.2.7.3297 build 20251024 and later<br>QuTS hero h5.3.1.3292 build 20251024 and later<br>"}], "value": "An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.1, "baseSeverity": "HIGH", "exploitMaturity": "UNREPORTED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2025-12-16T02:25:16.661Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-45"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.2.7.3297 build 20251024 and later<br>QuTS hero h5.2.7.3297 build 20251024 and later<br>QuTS hero h5.3.1.3292 build 20251024 and later<br>"}], "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"}], "source": {"advisory": "QSA-25-45", "discovery": "EXTERNAL"}, "title": "QTS, QuTS hero", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-16T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-59385"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-17T04:55:46.464Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-59385", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-16T21:26:02.691337Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T21:26:06.535Z"}}], "cna": {"title": "QTS, QuTS hero", "source": {"advisory": "QSA-25-45", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Le Mau Anh Phong at Verichains Cyber Force"}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QTS", "versions": [{"status": "affected", "version": "5.2.x", "lessThan": "5.2.7.3297 build 20251024", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "QNAP Systems Inc.", "product": "QuTS hero", "versions": [{"status": "affected", "version": "h5.2.x", "lessThan": "h5.2.7.3297 build 20251024", "versionType": "custom"}, {"status": "affected", "version": "h5.3.x", "lessThan": "h5.3.1.3292 build 20251024", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.2.7.3297 build 20251024 and later<br>QuTS hero h5.2.7.3297 build 20251024 and later<br>QuTS hero h5.3.1.3292 build 20251024 and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-45"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later", "supportingMedia": [{"type": "text/html", "value": "An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.2.7.3297 build 20251024 and later<br>QuTS hero h5.2.7.3297 build 20251024 and later<br>QuTS hero h5.3.1.3292 build 20251024 and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.2.7.3297_build_20251024", "versionStartIncluding": "5.2.x"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "h5.2.7.3297_build_20251024", "versionStartIncluding": "h5.2.x"}, {"criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "h5.3.1.3292_build_20251024", "versionStartIncluding": "h5.3.x"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2025-12-16T02:25:16.661Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59385", "state": "PUBLISHED", "dateUpdated": "2025-12-16T21:26:09.441Z", "dateReserved": "2025-09-15T08:35:00.660Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2025-12-16T02:25:16.661Z", "assignerShortName": "qnap"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*", "matchCriteriaId": "F4026A4B-7AB4-48EA-971D-88DFDD3F01A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*", "matchCriteriaId": "1F3F99BB-0D68-4D74-92C8-59E24F96C50D", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*", "matchCriteriaId": "1DE63B4D-8E84-41D3-B1F3-04AE6040242B", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*", "matchCriteriaId": "75746563-C648-4E55-9126-703F915F8B8A", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*", "matchCriteriaId": "AF6BA027-A635-4E90-80C8-130B10AB3D23", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*", "matchCriteriaId": "5406F242-A215-4B07-809F-7A7CE55ACE71", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*", "matchCriteriaId": "FA17778E-B3B1-44DD-B4E9-5AD25A3E804C", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*", "matchCriteriaId": "E3FC6646-2247-4ED9-9643-CD376674E2E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*", "matchCriteriaId": "62170342-067D-442C-88FB-64A4BEA8AFE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*", "matchCriteriaId": "82464467-E1E6-47E1-BDE5-DDFA52994A47", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*", "matchCriteriaId": "75AE902C-0516-4341-9BF0-21D8803E091C", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:*", "matchCriteriaId": "5B005D70-8C91-48D4-B09A-9EBE2E9E5090", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:*", "matchCriteriaId": "82FE5F89-A0E1-4D1B-A363-0A0D4141F502", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:*", "matchCriteriaId": "B21A9EE0-88D5-42D9-BA21-D55518FCC6E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:*", "matchCriteriaId": "3B575CF2-21F3-4435-B6B4-61D79B34429C", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:*:*:*:*:*:*", "matchCriteriaId": "E2EBD305-91E3-4BCC-835B-4878DF4DA3B8", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913:*:*:*:*:*:*", "matchCriteriaId": "554CB021-1477-4E63-8EBA-74056B4D8DA7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*", "matchCriteriaId": "CDCBB36A-CB91-4BA3-A6ED-952E6A4A0481", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*", "matchCriteriaId": "240BCFF1-CCCB-4C07-8E2C-7F43F68407FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*", "matchCriteriaId": "D3AF7276-77E0-474A-B10F-AC15BC5FCF00", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*", "matchCriteriaId": "5FA8C3EC-B6C0-44A8-BC91-18E3E90C63AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*", "matchCriteriaId": "889336D2-D9F7-4CC0-A22F-B837B5E77751", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*", "matchCriteriaId": "98F72EB9-0EE3-416A-B9BB-2512F5203A5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*", "matchCriteriaId": "9110382F-57C2-4C2E-82D1-3246C882B2C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*", "matchCriteriaId": "DB92EFD7-47DD-4AAC-97BD-A2D4918FF4ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*", "matchCriteriaId": "78E38E23-1AD0-49E1-89FA-73DC2F496137", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*", "matchCriteriaId": "F2F302B6-26CC-4044-B480-4EBDBB90797F", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*", "matchCriteriaId": "BF0093B6-8D38-4D1E-AD71-79299123C2B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*", "matchCriteriaId": "48A3CDAA-B0C6-4280-B1AC-DDD027F9D632", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:*:*:*:*:*:*", "matchCriteriaId": "1807DE4F-CDF3-4E3B-ADC1-9535EF1D60FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:*:*:*:*:*:*", "matchCriteriaId": "68FF7342-A0AF-4E75-9CD6-D584B450B8AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:*:*:*:*:*:*", "matchCriteriaId": "A8E84E3D-943C-4DF5-86D3-DCAC3C034B81", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913:*:*:*:*:*:*", "matchCriteriaId": "17720E05-1BBF-4605-A777-FA4059B3C2DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.0.3115:build_20250430:*:*:*:*:*:*", "matchCriteriaId": "4175C7F7-E946-41C6-8863-E23233B91A2B", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.0.3145:build_20250530:*:*:*:*:*:*", "matchCriteriaId": "DE16C73E-9291-44FD-A9CB-B7C127E67A6F", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.0.3192:build_20250716:*:*:*:*:*:*", "matchCriteriaId": "ED4023E4-6C28-413A-B7B1-6CEEBC48A1C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.1.3250:build_20250912:*:*:*:*:*:*", "matchCriteriaId": "0A94FE59-675E-4FF1-B971-F5A0A7B98EA7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"}], "id": "CVE-2025-59385", "lastModified": "2025-12-17T14:00:20.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-12-16T03:15:58.030", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-25-45"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "[email protected]", "type": "Primary"}]}

{}