CVE-2025-9110

HIGH

QNAP OS - Info Disclosure

Title source: llm

Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.1.3250 build 20250912 and later

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-25-51

Scores

CVSS v3 7.5

EPSS 0.0002

EPSS Percentile 6.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (38)

qnap/qts 5.2.0.2737 build_20240417

qnap/qts 5.2.0.2744 build_20240424

qnap/qts 5.2.0.2782 build_20240601

qnap/qts 5.2.0.2802 build_20240620

qnap/qts 5.2.0.2823 build_20240711

qnap/qts 5.2.0.2851 build_20240808

qnap/qts 5.2.0.2860 build_20240817

qnap/qts 5.2.1.2930 build_20241025

qnap/qts 5.2.2.2950 build_20241114

qnap/qts 5.2.3.3006 build_20250108

... and 28 more

Published Jan 02, 2026

Tracked Since Feb 18, 2026