We have already fixed the vulnerability in the following version:
QuRouter 2.5.1.060 and later
Metrics
Affected Vendors & Products
Solution
We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-25-25 |
![]() ![]() |
Wed, 24 Sep 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Qnap
Qnap qurouter |
|
CPEs | cpe:2.3:o:qnap:qurouter:2.5.0.140:build_20250227:*:*:*:*:*:* cpe:2.3:o:qnap:qurouter:2.5.0.268:build_20250324:*:*:*:*:*:* |
|
Vendors & Products |
Qnap
Qnap qurouter |
|
Metrics |
cvssV3_1
|
Fri, 29 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 29 Aug 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later | |
Title | QuRouter 2.5 | |
Weaknesses | CWE-77 CWE-78 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: qnap
Published:
Updated: 2025-08-29T18:24:51.513Z
Reserved: 2025-03-12T08:12:28.508Z
Link: CVE-2025-29887

Updated: 2025-08-29T18:19:30.673Z

Status : Analyzed
Published: 2025-08-29T18:15:35.467
Modified: 2025-09-24T18:11:51.600
Link: CVE-2025-29887

No data.

No data.