← back
CVE-2025-52861

VioStor

CVSS 7 HIGHEPSS 0.6%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
29 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
QNAP Systems Inc. · VioStor

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.qnap.com/en/security-advisory/qsa-25-28