VioStor_CVE-2025-52861

7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following version:
VioStor 5.1.6 build 20250621 and later

Basic Information

ID CVE-2025-52861

Source qnap

Published Aug 29, 2025 at 17:17

Affected Product

Vendor QNAP Systems Inc.

Product VioStor

Version 5.1.0

Affected Versions QNAP Systems Inc. VioStor 5.1.0

CWE Classification

CWE-22

References

www.qnap.com /en/security-advisory/qsa-25-28

{
    "lastseen": "",
    "description": "A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nVioStor 5.1.6 build 20250621 and later",
    "published": "2025-08-29T17:17:26.199Z",
    "modified": "2025-08-29T17:17:26.199Z",
    "type": "cve",
    "title": "VioStor",
    "source": "qnap",
    "references": "https://www.qnap.com/en/security-advisory/qsa-25-28",
    "id": "CVE-2025-52861",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "QNAP Systems Inc. VioStor 5.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "VioStor",
    "version": "5.1.0",
    "vendor": "QNAP Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}