CVE-2025-59389
CRITICALQNAP Hyper Data Protector < 2.2.4.1 - SQL Injection
Title source: llmDescription
An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later
References (1)
Core 1
Core References
Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-25-48
Scores
CVSS v3
9.8
EPSS
0.0013
EPSS Percentile
32.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (2)
qnap/hyper_data_protector
2.0.0.1115 beta
qnap/hyper_data_protector
2.1.0.0226 - 2.2.4.1
Published
Jan 02, 2026
Tracked Since
Feb 18, 2026