Home

Description

An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later

PUBLISHED Reserved 2025-09-15 | Published 2026-01-02 | Updated 2026-01-02 | Assigner qnap




HIGH: 8.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Problem types

CWE-89

Product status

Default status
unaffected

2.2.x (custom) before 2.2.4.1
affected

Credits

Pwn2Own 2025 - Summoning Team finder

References

www.qnap.com/en/security-advisory/qsa-25-48

cve.org (CVE-2025-59389)

nvd.nist.gov (CVE-2025-59389)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.