CNNVD-202508-3523 Information

CNNVD ID

CNNVD-202508-3523

Related CVE

CVE-2025-30271

• CNNVD Published: 2025-08-29

Description (Chinese)

QNAP QTS和QNAP QuTS hero都是中国台湾威联通科技（QNAP）公司的一个具有数据存储与管理功能的软件。 QNAP QTS 5.2.5.3145版本之前版本和QNAP QuTS hero h5.2.5.3138版本之前版本存在路径遍历漏洞，该漏洞源于容易受到路径遍历攻击，可能导致读取意外文件或系统数据。

Description (English)

QNAP QTS and QNAP QTS hero are both software with data storage and management functions at QNAP. Pre-QNAP QTS 5.2.5.3145 and pre-QNAP QETS hero h5.2.5.3138 have routing gaps, which stem from the vulnerability of the path to attack and may lead to the reading of unexpected files or system data.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

威联通科技

Published

2025-08-29

Last Modified

2026-02-24

References

https://www.qnap.com/en/security-advisory/qsa-25-21 https://access.redhat.com/security/cve/cve-2025-30271 https://nvd.nist.gov/vuln/detail/CVE-2025-30271

Patch

https://www.qnap.com/en/security-advisory/qsa-25-21