Hard-Coded Password Vulnerability in Hyper Data Protector by QNAP
CVE-2025-59388

6.6MEDIUM

Key Information:

Vendor: QNAP
Status: Hyper Data Protector
Vendor: CVE Published:; 12 March 2026

What is CVE-2025-59388?

A vulnerability has been identified in Hyper Data Protector where a hard-coded password can be exploited by remote attackers. This flaw allows unauthorized access to critical system functions, posing a significant security risk. Users are advised to upgrade to version 2.3.1.455 or later to mitigate the threat and protect their systems from exploitation.

Affected Version(s)

Hyper Data Protector 2.3.x < 2.3.1.455

References

https://www.qnap.com/en/security-advisory/qsa-25-48

CVSS V4

Score:

6.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2026
Vulnerability Reserved
Sep 15, 2025

Credit

Pwn2Own 2025 - Summoning Team

CVE-2025-59388 Data

JSON