CNNVD-202508-3516 Information

CNNVD ID

CNNVD-202508-3516

Related CVE

CVE-2025-33032

• CNNVD Published: 2025-08-29

Description (Chinese)

QNAP QTS和QNAP QuTS hero都是中国台湾威联通科技（QNAP）公司的一个具有数据存储与管理功能的软件。 QNAP QTS 5.2.5.3145之前版本和QNAP QuTS hero h5.2.5.3138之前版本存在路径遍历漏洞，该漏洞源于容易受到路径遍历攻击，可能导致读取意外文件或系统数据。

Description (English)

QNAP QTS and QNAP QTS hero are both software with data storage and management functions at QNAP. Pre-QNAP QTS 5.2.5.3145 and pre-QNAP QETS hero h5.2.5.3138 have path-to-way loopholes that stem from the vulnerability of path-to-path attacks and may lead to accidental file or system data reading.

Hazard Level

Critical

Vulnerability Type

路径遍历

Affected Vendor

威联通科技

Published

2025-08-29

Last Modified

2026-02-24

References

https://www.qnap.com/en/security-advisory/qsa-25-21 https://access.redhat.com/security/cve/cve-2025-33032 https://nvd.nist.gov/vuln/detail/CVE-2025-33032

Patch

https://www.qnap.com/en/security-advisory/qsa-25-21