CVE-2025-52856NVD

Vulnerability Summary

An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system.

We have already fixed the vulnerability in the following version:
VioStor 5.1.6 build 20250621 and later

Severity Level

CRITICAL(9.3)

Published Date

Aug 29, 2025

Last Modified

Sep 2, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-287: Improper Authentication ↗

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

External References

https://www.qnap.com/en/security-advisory/qsa-25-29

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-52856NVD

Vulnerability Summary

External References