CVE-2025-59385 · CRITICAL 9.8 · EPSS p45.3%

Description

An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. Remote attackers can exploit the vulnerability to access resources which are not otherwise accessible without proper authentication. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later; QuTS hero h5.2.7.3297 build 20251024 and later; QuTS hero h5.3.1.3292 build 20251024 and later.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.63% probability of exploitation · percentile 45.3% · 2026-06-19T12:03:05Z
Published: 2025-12-16
Last modified: 2025-12-17

Underlying weaknesses · 1

CWE-290

References

  1. https://www.qnap.com/en/security-advisory/qsa-25-45

Type | Target | Confidence | Tier
Weakness | Authentication Bypass by Spoofing (cwe-290) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-59381
  2. CVE-2025-48725
  3. CVE-2025-30264
  4. CVE-2025-52864
  5. CVE-2025-52863
  6. CVE-2025-52872

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.