CVE-2025-62849 | QNAP QTS/QuTS hero sql injection (qsa-25-45)

December 16, 2025 Yanac

A vulnerability described as critical has been identified in QNAP QTS and QuTS hero. This affects an unknown part. The manipulation results in sql injection.

This vulnerability was named CVE-2025-62849. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More

CVE-2025-67736 | FreePBX Text To Speech up to 16.0.4/17.0.4 sql injection (GHSA-632c-49p9-x7cw)
CVE-2025-62848 | QNAP QTS/QuTS hero null pointer dereference (qsa-25-45)