CVE-2025-62849 · CRITICAL 9.8 · EPSS p55.5%

Description

An SQL injection vulnerability has been reported to affect several QNAP operating system versions. Remote attackers can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later; QuTS hero h5.2.7.3297 build 20251024 and later; QuTS hero h5.3.1.3292 build 20251024 and later.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.92% probability of exploitation · percentile 55.5% · 2026-06-19T12:03:05Z
Published: 2025-12-16
Last modified: 2025-12-17

Underlying weaknesses · 1

CWE-89

References

  1. https://www.qnap.com/en/security-advisory/qsa-25-45

Type: Weakness
Target: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-66279
CVE-2026-22893
CVE-2025-66273
CVE-2025-30264
CVE-2025-22481
CVE-2025-62858
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.