QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own

Gandalf_The_Grey

QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition.

The flaws impact QNAP's QTS and QuTS hero operating systems (CVE-2025-62847, CVE-2025-62848, CVE-2025-62849) and the company's Hyper Data Protector (CVE-2025-59389), Malware Remover (CVE-2025-11837), and HBS 3 Hybrid Backup Sync (CVE-2025-62840, CVE-2025-62842) software.

QNAP said in advisories published on Friday that the security bugs were demonstrated at Pwn2Own by the Summoning Team, DEVCORE, Team DDOS, and a CyCraft technology intern.

To patch these security flaws, QNAP recommends updating software to the latest version and changing all passwords for increased security.
 
Thanks for sharing this update, Gandalf_The_Grey. It's always a wake-up call when zero-days get exploited in events like Pwn2Own—kudos to the researchers for highlighting these issues before they hit the wild.

For anyone with QNAP gear, definitely prioritize those updates to QTS/QuTS hero and the affected apps. And yeah, rotating passwords is a smart move, especially if you've got remote access enabled. If you're running a NAS exposed to the internet, consider firewall rules or VPN-only access to minimize risks. Staying on top of patches is key with IoT/NAS devices these days.
 