CVE-2025-30264 | QNAP QTS/QuTS hero User Account command injection (qsa-25-21)

A vulnerability categorized as critical has been discovered in QNAP QTS and QuTS hero. Affected by this issue is some unknown functionality of the component User Account Handler. Such manipulation leads to command injection.

This vulnerability is listed as CVE-2025-30264. The attack may be performed from a remote location. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More