QTS and QuTS Hero software updates by Qnap partially address identified security vulnerabilities, reducing potential risks.
Qnap Releases Firmware Updates to Address Eleven Security Vulnerabilities
Qnap has recently released updated versions of its QTS and QuTS hero firmware to address eleven security vulnerabilities. These updates are crucial for Qnap device users to patch the reported security holes.
The most severe vulnerability is a command injection vulnerability (CVE-2025-30264) with a CVSS score of 7.7, which could potentially allow malicious actors to execute arbitrary commands on affected devices. Another high-risk issue is a memory corruption vulnerability (CVE-2025-30273) with a CVSS score of 7.1, enabling memory manipulation and the potential modification or destruction of memory.
A buffer overflow vulnerability (CVE-2025-30265) is another concern, as it can modify memory areas. Additionally, several NULL pointer dereferences have been identified that can lead to denial-of-service (DoS) incidents. These vulnerabilities include CVE-2025-30267, CVE-2025-30268, CVE-2025-30272, and CVE-2025-30274.
Furthermore, a path traversal vulnerability has been found, which could allow unauthorized file or system data access. This vulnerability is represented by CVE-2025-30270, CVE-2025-30271, and CVE-2025-33032.
Other vulnerabilities addressed by the updates include unexpected file read access and denial-of-service risks.
The affected versions are QTS 5.2.5.3145 Build 20250526 and QuTS hero h5.2.5.3138 Build 20250519. Qnap has recommended that users update their devices to these latest versions to ensure their devices are secure.
In addition to these updates, Qnap has also released software updates for its File Station 5 to close high-risk security vulnerabilities last week.
Qnap encourages all users to update their devices as soon as possible to mitigate these security risks. The updated firmware versions are available for Qnap devices.
