POSTING DATE: 2026/01/06

[VULNERABILITY ALERT] QNO | VPN Firewall - Presence of 3 Critical Security Vulnerabilities (CVE-2025-15387) (CVE-2025-15388) (CVE-2025-15389)

  • Subject: [VULNERABILITY ALERT] QNO | VPN Firewall - Presence of 3 Critical Security Vulnerabilities (CVE-2025-15387) (CVE-2025-15388) (CVE-2025-15389)


  • Content Description:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000001
    • [QNO | VPN Firewall - Insufficient Entropy] (CVE-2025-15387, CVSS: 8.8) An Insufficient Entropy vulnerability exists in VPN Firewalls. A remote unauthenticated attacker can obtain any logged-in user's session through brute force, thereby logging into the system.
    • [QNO | VPN Firewall - OS Command Injection] (CVE-2025-15388, CVSS: 8.8) An OS Command Injection vulnerability exists in VPN Firewalls. A remote authenticated attacker can inject arbitrary operating system commands and execute them on the server.
    • [QNO | VPN Firewall - OS Command Injection] (CVE-2025-15389, CVSS: 8.8) An OS Command Injection vulnerability exists in VPN Firewalls. A remote authenticated attacker can inject arbitrary operating system commands and execute them on the server.
  • Affected Platforms:
    • VPN Firewall
  • Recommended Actions:
    • Contact the vendor to obtain solutions.
  • Reference Material:
    1. https://www.twcert.org.tw/tw/cp-132-10613-e1780-1.html

Computer and Communication Center
Network Systems Division, Respectfully