CVE-2025-9110
Published 2026-01-02
Priority P3 · 48 · High · 7.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS 0.41% (32.6th percentile)
An exposure of sensitive system information to an unauthorized control sphere vulnerability (CWE-497) has been reported to affect several QNAP operating system versions. Remote attackers can exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
QuTS hero h5.3.1.3250 build 20250912 and later
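The practical question for an operator is whether a given NAS is at or above the fixed build for its release line. The following is an added example, not QNAP's tooling: it parses version strings of the shape shown in the advisory (`5.2.8.3332 build 20251128`, `h5.2.8.3321`) and compares the fourth field (the build number) only within a release branch the advisory actually names; any other branch is reported as unknown rather than guessed. The inventory in `__main__` and the lower build numbers in the test are constructed samples.

```python
"""Check QNAP firmware version strings against the fixed builds in the advisory.

Added example, not vendor code. Assumes version strings look like
'5.2.8.3332 build 20251128' (QTS) or 'h5.2.8.3321 build 20251117' (QuTS hero);
the leading 'h' and the 'build YYYYMMDD' suffix are both optional here.
"""
import re

# Fixed builds quoted in the advisory, keyed by (product, (major, minor, patch)).
FIXED_BUILDS = {
    ("qts", (5, 2, 8)): 3332,
    ("quts hero", (5, 2, 8)): 3321,
    ("quts hero", (5, 3, 1)): 3250,
}

_VERSION_RE = re.compile(
    r"^h?(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\s+build\s+(\d{8}))?$", re.IGNORECASE
)


def parse_version(text):
    """Return ((major, minor, patch), build_number, build_date_or_None)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, build = (int(x) for x in m.groups()[:4])
    return (major, minor, patch), build, m.group(5)


def assess(product, version):
    """Return 'fixed', 'not_fixed' or 'unknown_branch' for one device.

    'unknown_branch' means the advisory lists no fixed build for that release
    line, so the answer has to come from the vendor, not from this table.
    """
    branch, build, _ = parse_version(version)
    key = (product.strip().lower(), branch)
    if key not in FIXED_BUILDS:
        return "unknown_branch"
    return "fixed" if build >= FIXED_BUILDS[key] else "not_fixed"


def triage(inventory):
    """Map hostname -> verdict for an iterable of (host, product, version)."""
    return {host: assess(product, version) for host, product, version in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and the lower builds are made up.
    sample = [
        ("nas-01", "QTS", "5.2.8.3332 build 20251128"),
        ("nas-02", "QTS", "5.2.8.3200 build 20251015"),
        ("nas-03", "QuTS hero", "h5.3.1.3250 build 20250912"),
        ("nas-04", "QuTS hero", "h5.3.0.2900"),
    ]
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Comparing build numbers across branches (for example judging an h5.3.0 build against the h5.3.1 fix) is deliberately not done; the advisory gives no fix for that line, so the script says so instead of inventing one.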
Affected
42 ranges · showing 25. The per-range version bounds and fixed-in values were not captured on this page (every row reads "—"); the fixed builds are the ones quoted in the advisory text above.
| Vendor | Product | Ranges shown | Version range | Fixed in |
|---|---|---|---|---|
| qnap | qts | 18 | — | — |
| qnap | quts_hero | 7 | — | — |
CVSS provenance
NVD v3.1: 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD v4.0: 2.7 LOW CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
The two scorings disagree on confidentiality impact (v3.1 rates C:H, v4.0 rates VC:L), which is what separates 7.5 from 2.7; the v4.0 vector also records E:U (exploit maturity Unreported). Both agree the issue is reachable unauthenticated over the network with no user interaction.
GHSA
GHSA-xhj9-wqh5-g6hq (ghsa_unreviewed · 2026-01-02): CVE-2025-9110 [LOW] CWE-497. Carries the same advisory text as above: an exposure of sensitive system information to an unauthorized control sphere affecting several QNAP operating system versions, fixed in QTS 5.2.8.3332 build 20251128, QuTS hero h5.2.8.3321 build 20251117 and QuTS hero h5.3.1.3250 build 20250912 and later.
GHSA
CVE-2025-66418 [HIGH] CWE-770 (ghsa · 2025-12-05): urllib3 allows an unbounded number of links in the decompression chain. This is a separate urllib3 advisory indexed on this page; it is not part of the QNAP issue.
## Impact
urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., `Content-Encoding: gzip, zstd`).
However, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps, leading to high CPU usage and massive memory allocation for the decompressed data.
## Affected usages
Applications and libraries using urllib3 version 2.5.0 and earlier for HTTP requests to untrusted sources unless they disable content decoding explicitly.
## Remediation
Upgrade to at least urllib3 v2.6.0 in which the library limits the number of links to 5.
If upgrading is not immediately possible, use [`preload_c
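To make the chain limit concrete, here is an added example (not urllib3's code) that re-implements the check the advisory describes on top of the standard library: parse the `Content-Encoding` list, refuse it before any decompression if it has more than 5 links, and otherwise undo the encodings last-to-first. Only gzip and deflate are decoded, since br and zstd need third-party modules; `build_chain` is a constructed stand-in for a malicious server's response, and `MAX_LINKS = 5` mirrors the value the advisory says urllib3 2.6.0 enforces.

```python
"""Bound the Content-Encoding chain before decoding a response body.

Added example, not urllib3's implementation. The limit is checked against the
header alone, so an over-long chain costs a header parse and nothing else.
"""
import gzip
import zlib

MAX_LINKS = 5  # limit urllib3 2.6.0 applies, per the advisory above


class DecodeError(ValueError):
    """Raised for an over-long chain or an encoding we cannot undo."""


def parse_content_encoding(header):
    """Split 'gzip, zstd' into ['gzip', 'zstd']; an empty header means identity."""
    return [tok.strip().lower() for tok in header.split(",") if tok.strip()]


def decode_chain(body, content_encoding, max_links=MAX_LINKS):
    """Undo a Content-Encoding chain, rejecting chains longer than max_links."""
    links = parse_content_encoding(content_encoding)
    if len(links) > max_links:
        raise DecodeError(f"{len(links)} encodings exceed the limit of {max_links}")
    data = body
    # The server applied the encodings in listed order, so undo them last-first.
    for enc in reversed(links):
        if enc in ("gzip", "x-gzip"):
            data = gzip.decompress(data)
        elif enc == "deflate":
            data = zlib.decompress(data)  # RFC 9110 'deflate' is zlib-wrapped
        elif enc == "identity":
            continue
        else:
            raise DecodeError(f"unsupported encoding {enc!r}")
    return data


def build_chain(payload, links):
    """Constructed sample response: payload gzip-compressed `links` times,
    plus the matching Content-Encoding header a server would send."""
    data = payload
    for _ in range(links):
        data = gzip.compress(data)
    return data, ", ".join(["gzip"] * links)


if __name__ == "__main__":
    body, header = build_chain(b"hello, world", 3)
    print(decode_chain(body, header))  # within the limit: decodes normally
    body, header = build_chain(b"x", 50)
    try:
        decode_chain(body, header)
    except DecodeError as exc:
        print("rejected:", exc)  # 50 links: refused before any inflate call
```

The length check is the whole fix: every extra link the server lists is one more inflate pass over data that grows at each step, so capping the list caps the work regardless of what the bodies contain. Applications that disable content decoding, as the advisory notes, never enter this path at all.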
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.