QNAP NAS Multiple Vulnerabilities
CSIRTS triage
- What
- Multiple vulnerabilities have been identified in QNAP NAS devices.
- Who is affected
- Users of QNAP NAS devices.
- Urgency
- Remediation is necessary to protect against potential exploits.
- Action
- Users should monitor for updates and apply patches as they become available.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://www.hkcert.org/security-bulletin/qnap-nas-multiple-vulnerabilities_20260624
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2025-593820.29% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 21% of all scored CVEs.
- Low exploitation riskCVE-2025-628580.45% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 36% of all scored CVEs.
- Moderate exploitation riskCVE-2025-662731.0% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 60% of all scored CVEs.
- Moderate exploitation riskCVE-2025-662791.0% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 60% of all scored CVEs.
- Low exploitation riskCVE-2025-662800.43% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 35% of all scored CVEs.
- Low exploitation riskCVE-2025-662810.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-228930.99% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 58% of all scored CVEs.
- Low exploitation riskCVE-2026-228990.28% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 20% of all scored CVEs.
- Low exploitation riskCVE-2026-247200.28% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 20% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2025-59382 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-62858 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-66273 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-66279 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-66280 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-66281 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-68405 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-22893 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-22899 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-24720 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-24724 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-26239 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-26240 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-26241 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- medium[UPDATE] [medium] QNAP NAS: Multiple vulnerabilitiescert-bund
More from HKCERT Security Bulletins
- unknownJuniper Junos OS Multiple Vulnerabilities2026-07-09
- unknownGoogle Chrome Multiple Vulnerabilities2026-07-09
- unknownPalo Alto Products Multiple Vulnerabilities2026-07-09
- unknownBeyondTrust Products Multiple Vulnerabilities2026-07-08
- unknownApple Products Multiple Vulnerabilities2026-07-06