CVE-2025-52861NVD

Vulnerability Summary

A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following version:
VioStor 5.1.6 build 20250621 and later

Severity Level

HIGH(7.0)

Published Date

Aug 29, 2025

Last Modified

Sep 2, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-22: Path Traversal ↗

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

External References

https://www.qnap.com/en/security-advisory/qsa-25-28

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-52861NVD

Vulnerability Summary

External References