Command Injection Vulnerability in HybridDesk Station by QNAP
CVE-2025-44015
2.3LOW
What is CVE-2025-44015?
A command injection vulnerability in HybridDesk Station allows an attacker with local network access to exploit the system and execute arbitrary commands. Affected users should ensure they are using HybridDesk Station version 4.2.18 or later to mitigate this risk. For further information and guidance, please refer to the official security advisory.
Affected Version(s)
HybridDesk Station 4.2.x < 4.2.18
References
CVSS V4
Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dohwan Kim, Junwoo Kwon (neko_hat, wnsdn1583 from Chung-Ang Univ.)