[Vulnerability Alert] High-Risk Security Vulnerability Found in QNAP Operating System (CVE-2025-66277), Please Confirm and Patch Immediately

• Subject Explanation: [Vulnerability Alert] High-Risk Security Vulnerability Found in QNAP Operating System (CVE-2025-66277), Please Confirm and Patch Immediately

• Content Description:
  • Forwarding National Information Security Analysis and Sharing Center (NISAC) Alert NISAC-200-202603-00000014
  • Researchers have discovered a Link Following vulnerability (CVE-2025-66277) in the QNAP operating system. An unauthenticated remote attacker could exploit this vulnerability to access unauthorized file system paths. Please confirm and patch immediately.
• Impacted Platforms:
  • QTS versions 5.2.x prior to 5.2.8.3350 build 20251216 (exclusive)
  • QuTS hero versions h5.2.x prior to h5.2.8.3350 build 20251216 (exclusive)
• Suggested Measures:
  • The official vendor has released a repair update for the vulnerability; please refer to the official instructions to update. The URL is as follows: https://www.qnap.com/en/security-advisory/qsa-26-05
• References:
  1. https://nvd.nist.gov/vuln/detail/CVE-2025-66277

Computer and Communication Center
Network Systems Division