CVE-2025-44015 · HIGH 8.4 · EPSS p55.5%

Description

A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: HybridDesk Station 4.2.18 and later.

Scoring

CVSS 3.1: 8.4 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.92% probability of exploitation · percentile 55.5% · 2026-06-18T12:00:27Z
Published: 2025-08-29
Last modified: 2025-12-08

Underlying weaknesses · 2

CWE-77, CWE-78

References

  1. https://www.qnap.com/en/security-advisory/qsa-25-20

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77) | 0% | live |
| Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-6542
CVE-2025-61492
CVE-2025-59389
CVE-2025-37162
CVE-2025-64128
CVE-2025-64126

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.