QNAP CVE-2025-59382 Fix Implemented
CVE-2025-59382 Published on June 10, 2026

QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:

NVD

Weakness Type

What is an Assumed-Immutable Parameter Tampering Vulnerability?

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

CVE-2025-59382 has been classified to as an Assumed-Immutable Parameter Tampering vulnerability or weakness.

Products Associated with CVE-2025-59382

Want to know whenever a new CVE is published for QNAP products? stack.watch will email you.

QNAP Qts

QNAP Quts Hero

QNAP Qutscloud

Affected Versions

QNAP Systems Inc. QTS:

Version ? is unaffected.

QNAP Systems Inc. QuTS hero:

Version ? is unaffected.

QNAP Systems Inc. QuTScloud:

Version c5.0.0 is unaffected.

QNAP CVE-2025-59382 Fix ImplementedCVE-2025-59382 Published on June 10, 2026

Weakness Type

What is an Assumed-Immutable Parameter Tampering Vulnerability?

Products Associated with CVE-2025-59382

Affected Versions

QNAP CVE-2025-59382 Fix Implemented
CVE-2025-59382 Published on June 10, 2026