CVE-2025-66277 · CRITICAL 9.8 · EPSS p45.5%

Description

A link following vulnerability has been reported to affect several QNAP operating system versions. Remote attackers can exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions:

  1. QTS 5.2.8.3350 build 20251216 and later
  2. QuTS hero h5.3.2.3354 build 20251225 and later
  3. QuTS hero h5.2.8.3350 build 20251216 and later

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.63% probability of exploitation · percentile 45.5% · 2026-06-18T12:00:27Z
Published: 2026-02-11
Last modified: 2026-02-12

Underlying weaknesses · 1

CWE-59

References

  1. https://www.qnap.com/en/security-advisory/qsa-26-05

Type | Target | Confidence | Tier
Weakness | Improper Link Resolution Before File Access ('Link Following') cwe-59 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-59381
  2. CVE-2026-24717
  3. CVE-2025-66273
  4. CVE-2025-66279
  5. CVE-2025-66281
  6. CVE-2025-66274

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.