Remote Code Execution Vulnerability in QNAP NAS Products
CVE-2025-59382

1.2LOW

Key Information:

Vendor

QNAP

Vendor
CVE Published:
10 June 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-59382?

A remote code execution vulnerability has been identified in select QNAP NAS products. This issue could potentially allow attackers to execute arbitrary code on affected systems, posing a significant risk to data integrity and system functionality. QNAP has released patches to address this vulnerability in specific versions, ensuring enhanced security for users. It is highly recommended for users to update their devices to the latest firmware to mitigate possible exploits.

Affected Version(s)

QTS ?

QuTS hero ?

QuTScloud c5.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V4

Score:
1.2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tim Coen
.