NetBak Replicator 4.5.15.0807+ Unquoted Search Path Vulnerability (CVE-2025-57714)
CVE-2025-57714 Published on October 3, 2025
NetBak Replicator
An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version:
NetBak Replicator 4.5.15.0807 and later
Weakness Type
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Products Associated with CVE-2025-57714
Want to know whenever a new CVE is published for QNAP Netbak Replicator? stack.watch will email you.
Affected Versions
QNAP Systems Inc. NetBak Replicator:- Version 4.5.x and below 4.5.15.0807 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.