Warning: Multiple Critical & High vulnerabilities in QNAP QTS, QuTS hero, Apache, and Qsync that can lead to RCE, Patch Immediately!

Published: 13/02/2026

    * Last Update: 13/02/2026

    * Affected products:
         → QNAP NAS
         → Qsync Central versions prior to 5.0.0.4 (2026/01/20)
         → QTS 5.2.x, QuTS hero h5.2.x
         → Apache
         → File Station 5

    * Type:
         → CWE-59 Improper Link Resolution Before File Access ('Link Following')
         → CWE-134 Use of Externally Controlled Format String
         → CWE-787 Out-of-bounds Write
         → CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')  
         → CWE-122 Heap-based Buffer Overflow

    * CVE/CVSS:

  • CVE-2025-66277: CVSS 9.2 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
  • CVE-2025-30269: CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
  • CVE-2025-30276: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  • CVE-2025-48723: CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) 
  • CVE-2025-48724: CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) 
  • CVE-2025-48725: CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)    
  • CVE-2025-52868: CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) 

Sources

QNAP

Risks

On the 12th of February 2026, QNAP published advisories regarding various critical and high vulnerabilities in QNAP QTS, Qsync Central, Samba, Apache, and File Station 5.

There is no publicly available PoC for any of the vulnerabilities, nor is there any proof of exploitation.

Exploiting CVE-2025-66277 or CVE-2025-30276 can have a high impact on all 3 aspects of the CIA triad (Confidentiality, Integrity, Availability).

Exploiting CVE-2025-30269 can have a high impact on Confidentiality and Integrity but no impact on the Availability of the system.

Exploiting CVE-2025-48723, CVE-2025-48724, CVE-2025-48725 or CVE-2025-52868 can have a high impact on the Integrity and Availability of the system but no impact on the Confidentiality of the system.

Description

CVE-2025-66277: Attackers with network access and no privileges required can conduct file system traversal attacks without user interaction, potentially compromising sensitive data, modifying system files, or disrupting system availability.

CVE-2025-30269: If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory.

CVE-2025-30276: If a remote attacker successfully exploits this vulnerability, it could lead to memory corruption, unauthorized access to sensitive data, data modification or loss, and service disruption.

CVE-2025-48723: An authenticated remote attacker can exploit this buffer overflow to cause denial of service by crashing critical processes in Qsync Central. Attackers may be able to modify memory, which could potentially lead to further system compromise.

CVE-2025-48724: Remote threat actors can exploit this vulnerability with crafted requests sent over the network. Attack complexity is low and no user interaction is required once the attacker is authenticated.

CVE-2025-48725: An authenticated attacker with valid user credentials can exploit this buffer overflow to modify system memory or crash critical processes, resulting in system instability, denial of service, or potential system compromise.

CVE-2025-52868: Authenticated remote attackers can exploit this vulnerability to cause denial of service by crashing processes or to modify memory, potentially leading to code execution or system compromise.

For more details, please see the official QNAP advisories linked in the Sources section.

Recommended Actions

Patch 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect 
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

NVD