{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-9110","assignerOrgId":"2fd009eb-170a-4625-932b-17a53af1051f","state":"PUBLISHED","assignerShortName":"qnap","dateReserved":"2025-08-18T08:29:16.532Z","datePublished":"2026-01-02T15:17:29.481Z","dateUpdated":"2026-01-02T19:14:42.164Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"QTS","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"5.2.8.3332 build 20251128","status":"affected","version":"5.2.x","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"QuTS hero","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"h5.2.8.3321 build 20251117","status":"affected","version":"h5.2.x","versionType":"custom"},{"lessThan":"h5.3.1.3250 build 20250912","status":"affected","version":"h5.3.x","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*","versionEndExcluding":"5.2.8.3332_build_20251128","versionStartIncluding":"5.2.x","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*","versionEndExcluding":"h5.2.8.3321_build_20251117","versionStartIncluding":"h5.2.x","vulnerable":true},{"criteria":"cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*","versionEndExcluding":"h5.3.1.3250_build_20250912","versionStartIncluding":"h5.3.x","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"Nanyu Zhong @ VARAS IIE"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.2.8.3332 build 20251128 and later<br>QuTS hero h5.2.8.3321 build 20251117 and later<br>QuTS hero h5.3.1.3250 build 20250912 and later<br>"}],"value":"An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.8.3332 build 20251128 and later\nQuTS hero h5.2.8.3321 build 20251117 and later\nQuTS hero h5.3.1.3250 build 20250912 and later"}],"impacts":[{"capecId":"CAPEC-131","descriptions":[{"lang":"en","value":"CAPEC-131"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":2.7,"baseSeverity":"LOW","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-497","description":"CWE-497","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"2fd009eb-170a-4625-932b-17a53af1051f","shortName":"qnap","dateUpdated":"2026-01-02T15:17:29.481Z"},"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-25-51"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"We have already fixed the vulnerability in the following versions:<br>QTS 5.2.8.3332 build 20251128 and later<br>QuTS hero h5.2.8.3321 build 20251117 and later<br>QuTS hero h5.3.1.3250 build 20250912 and later<br>"}],"value":"We have already fixed the vulnerability in the following versions:\nQTS 5.2.8.3332 build 20251128 and later\nQuTS hero h5.2.8.3321 build 20251117 and later\nQuTS hero h5.3.1.3250 build 20250912 and later"}],"source":{"advisory":"QSA-25-51","discovery":"EXTERNAL"},"title":"QTS, QuTS hero","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-02T19:14:27.110080Z","id":"CVE-2025-9110","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-02T19:14:42.164Z"}}]}}