Description
A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
References (1)
Core 1
Core References
Various Sources
https://www.qnap.com/en/security-advisory/qsa-25-28
Scores
CVSS v4
7.0
EPSS
0.0060
EPSS Percentile
44.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
QNAP Systems Inc./VioStor
5.1.0 - 5.1.6 build 20250621
Published
Aug 29, 2025
Tracked Since
Feb 18, 2026