CVE-2025-29887 - Vulnerability Details - OpenCVE

A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.

We have already fixed the vulnerability in the following version:
QuRouter 2.5.1.060 and later

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00855.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.qnap.com/en/security-advisory/qsa-25-25

History

Fri, 29 Aug 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 29 Aug 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later
Title		QuRouter 2.5
Weaknesses		CWE-77 CWE-78
References		https://www.qnap.com/en/security-advisory/qsa-25-25
Metrics		cvssV4_0 `{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2025-08-29T17:14:32.736Z

Updated: 2025-08-29T18:24:51.513Z

Reserved: 2025-03-12T08:12:28.508Z

Link: CVE-2025-29887

Vulnrichment

Updated: 2025-08-29T18:19:30.673Z

NVD

Status : Awaiting Analysis

Published: 2025-08-29T18:15:35.467

Modified: 2025-09-02T15:55:35.520

Link: CVE-2025-29887

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-29887", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2025-03-12T08:12:28.508Z", "datePublished": "2025-08-29T17:14:32.736Z", "dateUpdated": "2025-08-29T18:24:51.513Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QuRouter", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "2.5.1.060", "status": "affected", "version": "2.5.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Anonymous"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.<br><br>We have already fixed the vulnerability in the following version:<br>QuRouter 2.5.1.060 and later<br>"}], "value": "A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.5.1.060 and later"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE"}, {"cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2025-08-29T17:14:32.736Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-25"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>QuRouter 2.5.1.060 and later<br>"}], "value": "We have already fixed the vulnerability in the following version:\nQuRouter 2.5.1.060 and later"}], "source": {"advisory": "QSA-25-25", "discovery": "EXTERNAL"}, "title": "QuRouter 2.5", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-29T18:19:28.104348Z", "id": "CVE-2025-29887", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-29T18:24:51.513Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-29887", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-29T18:19:28.104348Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-29T18:19:30.673Z"}}], "cna": {"title": "QuRouter 2.5", "source": {"advisory": "QSA-25-25", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Anonymous"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QuRouter", "versions": [{"status": "affected", "version": "2.5.x", "lessThan": "2.5.1.060", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following version:\nQuRouter 2.5.1.060 and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>QuRouter 2.5.1.060 and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-25"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.5.1.060 and later", "supportingMedia": [{"type": "text/html", "value": "A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.<br><br>We have already fixed the vulnerability in the following version:<br>QuRouter 2.5.1.060 and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77"}, {"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2025-08-29T17:14:32.736Z"}}}, "cveMetadata": {"cveId": "CVE-2025-29887", "state": "PUBLISHED", "dateUpdated": "2025-08-29T18:24:51.513Z", "dateReserved": "2025-03-12T08:12:28.508Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2025-08-29T17:14:32.736Z", "assignerShortName": "qnap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.5.1.060 and later"}], "id": "CVE-2025-29887", "lastModified": "2025-09-02T15:55:35.520", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2025-08-29T18:15:35.467", "references": [{"source": "security@qnapsecurity.com.tw", "url": "https://www.qnap.com/en/security-advisory/qsa-25-25"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "security@qnapsecurity.com.tw", "type": "Primary"}]}