CVE-2025-59388 | THREATINT

Description

A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: Hyper Data Protector 2.3.1.455 and later

PUBLISHED Reserved 2025-09-15 | Published 2026-03-12 | Updated 2026-03-12 | Assigner qnap

MEDIUM: 6.6CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Problem types

CWE-259

Product status

Default status

unaffected

2.3.x (custom) before 2.3.1.455

affected

Credits

Pwn2Own 2025 - Summoning Team finder

References

www.qnap.com/en/security-advisory/qsa-25-48

cve.org (CVE-2025-59388)

nvd.nist.gov (CVE-2025-59388)

Download JSON