HybridDesk Station_CVE-2025-44015

2.3 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Description

A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands.

We have already fixed the vulnerability in the following version:
HybridDesk Station 4.2.18 and later

Basic Information

ID CVE-2025-44015

Source qnap

Published Aug 29, 2025 at 17:17

Affected Product

Vendor QNAP Systems Inc.

Product HybridDesk Station

Version 4.2.x

Affected Versions QNAP Systems Inc. HybridDesk Station 4.2.x

CWE Classification

CWE-77 CWE-78

References

www.qnap.com /en/security-advisory/qsa-25-20

{
    "lastseen": "",
    "description": "A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nHybridDesk Station 4.2.18 and later",
    "published": "2025-08-29T17:17:15.478Z",
    "modified": "2025-08-29T17:17:15.478Z",
    "type": "cve",
    "title": "HybridDesk Station",
    "source": "qnap",
    "references": "https://www.qnap.com/en/security-advisory/qsa-25-20",
    "id": "CVE-2025-44015",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "QNAP Systems Inc. HybridDesk Station 4.2.x",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HybridDesk Station",
    "version": "4.2.x",
    "vendor": "QNAP Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}