A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.5.1.060 and later
We have already fixed the vulnerability in the following version:
QuRouter 2.5.1.060 and later
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-25-25 |
![]() ![]() |
History
Fri, 29 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 29 Aug 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later | |
Title | QuRouter 2.5 | |
Weaknesses | CWE-77 CWE-78 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: qnap
Published:
Updated: 2025-08-29T18:24:51.513Z
Reserved: 2025-03-12T08:12:28.508Z
Link: CVE-2025-29887

Updated: 2025-08-29T18:19:30.673Z

Status : Awaiting Analysis
Published: 2025-08-29T18:15:35.467
Modified: 2025-09-02T15:55:35.520
Link: CVE-2025-29887

No data.

No data.