CVE-2025-22481— QTS, QuTS hero

EPSS 0.63% · P70 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-22481

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

QTS, QuTS hero

Source: NVD (National Vulnerability Database)

Vulnerability Description

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在命令中使用的特殊元素转义处理不恰当(命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

QNAP operating system 命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

QNAP operating system是中国台湾威联通科技（QNAP）公司的一个操作系统。 QNAP operating system存在命令注入漏洞，该漏洞源于命令注入，可能导致远程攻击者执行任意命令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
QNAP Systems Inc.	QTS	5.2.x ~ 5.2.4.3079 build 20250321	-
QNAP Systems Inc.	QuTS hero	h5.2.x ~ h5.2.4.3079 build 20250321	-

II. Public POCs for CVE-2025-22481

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-22481

请登录查看更多情报信息。

Same Patch Batch · QNAP Systems Inc. · 2025-06-06 · 21 CVEs total

CVE-2025-22484		File Station 5
CVE-2025-33035		File Station 5
CVE-2025-33031		File Station 5
CVE-2025-30279		File Station 5
CVE-2025-29877		File Station 5
CVE-2025-29876		File Station 5
CVE-2025-29873		File Station 5
CVE-2025-29872		File Station 5
CVE-2025-29871		File Station 5
CVE-2025-22490		File Station 5
CVE-2025-29885		File Station 5
CVE-2024-13087		QHora
CVE-2024-13088		QHora
CVE-2024-56805		QTS, QuTS hero
CVE-2024-50406		License Center
CVE-2025-22482		Qsync Central
CVE-2025-29892		Qsync Central
CVE-2025-22486		File Station 5
CVE-2025-29883		File Station 5
CVE-2025-29884		File Station 5

IV. Related Vulnerabilities

Same product: QTS

Same vendor: QNAP Systems Inc.

Same weakness: CWE-77

V. Comments for CVE-2025-22481

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-22481— QTS, QuTS hero

I. Basic Information for CVE-2025-22481

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-22481

III. Intelligence Information for CVE-2025-22481

Same Patch Batch · QNAP Systems Inc. · 2025-06-06 · 21 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-22481

Leave a comment