[Vulnerability Alert] High-Risk Security Vulnerability Found in QNAP Operating System (CVE-2025-66277), Please Confirm and Patch Immediately

Date Posted: 2026/04/02

Subject Explanation: [Vulnerability Alert] High-Risk Security Vulnerability Found in QNAP Operating System (CVE-2025-66277), Please Confirm and Patch Immediately

Content Description:
- Forwarding National Information Security Analysis and Sharing Center (NISAC) Alert NISAC-200-202603-00000014
- Researchers have discovered a Link Following vulnerability (CVE-2025-66277) in the QNAP operating system. An unauthenticated remote attacker could exploit this vulnerability to access unauthorized file system paths. Please confirm and patch immediately.
Impacted Platforms:
- QTS versions 5.2.x prior to 5.2.8.3350 build 20251216 (exclusive)
- QuTS hero versions h5.2.x prior to h5.2.8.3350 build 20251216 (exclusive)
Suggested Measures:
- The official vendor has released a repair update for the vulnerability; please refer to the official instructions to update. The URL is as follows: https://www.qnap.com/en/security-advisory/qsa-26-05
References:
1. https://nvd.nist.gov/vuln/detail/CVE-2025-66277

Computer and Communication Center
Network Systems Division