A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
HybridDesk Station 4.2.18 and later
We have already fixed the vulnerability in the following version:
HybridDesk Station 4.2.18 and later
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-25-20 |
![]() ![]() |
History
Fri, 29 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 29 Aug 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: HybridDesk Station 4.2.18 and later | |
Title | HybridDesk Station | |
Weaknesses | CWE-77 CWE-78 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: qnap
Published:
Updated: 2025-08-29T18:21:41.548Z
Reserved: 2025-04-21T07:56:46.494Z
Link: CVE-2025-44015

Updated: 2025-08-29T18:16:21.384Z

Status : Awaiting Analysis
Published: 2025-08-29T18:15:42.097
Modified: 2025-09-02T15:55:35.520
Link: CVE-2025-44015

No data.

No data.