Improper Authentication Vulnerability in VioStor by QNAP
CVE-2025-52856

9.3CRITICAL

Key Information:

Vendor

QNAP
Status
ViOStor
Vendor
CVE Published:
29 August 2025

What is CVE-2025-52856?

An improper authentication vulnerability has been identified in VioStor, developed by QNAP. This flaw enables remote attackers to potentially compromise the security of the system. It is crucial for users to upgrade to VioStor version 5.1.6 build 20250621 or later to mitigate any risks associated with this vulnerability.

Affected Version(s)

VioStor 5.1.0 < 5.1.6 build 20250621

References

https://www.qnap.com/en/security-advisory/qsa-25-29

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

360 的安全研究员 侯留洋([email protected]
.
CVE-2025-52856 : Improper Authentication Vulnerability in VioStor by QNAP