Search criteria
1 vulnerability found for MARS by Qnap
CERTFR-2026-AVI-0003
Vulnerability from certfr_avis - Published: 2026-01-05 - Updated: 2026-01-05
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | QVPN | QVPN Device Client pour Mac versions 2.2.x antérieures à 2.2.8 | ||
| Qnap | QuTS hero | QuTS hero versions h5.2.8.x antérieures à h5.2.8.3321 build 20251117 | ||
| Qnap | Qfinder | Qfinder Pro Mac versions 7.13.x antérieures à 7.13.0 | ||
| Qnap | Qsync | Qsync pour Mac versions 5.1.x antérieures à 5.1.5 | ||
| Qnap | QuMagie | QuMagie versions 2.x antérieures à 2.8.1 | ||
| Qnap | License Center | License Center versions 2.0.x antérieures à 2.0.36 | ||
| Qnap | Qfiling | Qfiling versions 3.13.x antérieures à 3.13.1 | ||
| Qnap | QTS | QTS versions 5.2.8.x antérieures à 5.2.8.3332 build 20251128 | ||
| Qnap | MARS | MARS (Multi-Application Recovery Service) versions 1.2.x antérieures à 1.2.1.1686 | ||
| Qnap | QuTS hero | QuTS hero versions h5.3.x antérieures à h5.3.1.3250 build 20250912 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QVPN Device Client pour Mac versions 2.2.x ant\u00e9rieures \u00e0 2.2.8",
"product": {
"name": "QVPN",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h5.2.8.x ant\u00e9rieures \u00e0 h5.2.8.3321 build 20251117",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qfinder Pro Mac versions 7.13.x ant\u00e9rieures \u00e0 7.13.0",
"product": {
"name": "Qfinder",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qsync pour Mac versions 5.1.x ant\u00e9rieures \u00e0 5.1.5",
"product": {
"name": "Qsync",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuMagie versions 2.x ant\u00e9rieures \u00e0 2.8.1",
"product": {
"name": "QuMagie",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "License Center versions 2.0.x ant\u00e9rieures \u00e0 2.0.36",
"product": {
"name": "License Center",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qfiling versions 3.13.x ant\u00e9rieures \u00e0 3.13.1",
"product": {
"name": "Qfiling",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 5.2.8.x ant\u00e9rieures \u00e0 5.2.8.3332 build 20251128",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "MARS (Multi-Application Recovery Service) versions 1.2.x ant\u00e9rieures \u00e0 1.2.1.1686",
"product": {
"name": "MARS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h5.3.x ant\u00e9rieures \u00e0 h5.3.1.3250 build 20250912",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53590",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53590"
},
{
"name": "CVE-2025-52431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52431"
},
{
"name": "CVE-2025-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52864"
},
{
"name": "CVE-2025-54165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54165"
},
{
"name": "CVE-2025-59381",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59381"
},
{
"name": "CVE-2025-54164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54164"
},
{
"name": "CVE-2025-53414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53414"
},
{
"name": "CVE-2025-53589",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53589"
},
{
"name": "CVE-2025-48721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48721"
},
{
"name": "CVE-2025-53597",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53597"
},
{
"name": "CVE-2025-53405",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53405"
},
{
"name": "CVE-2025-57705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57705"
},
{
"name": "CVE-2025-53596",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53596"
},
{
"name": "CVE-2025-53594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53594"
},
{
"name": "CVE-2025-9110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9110"
},
{
"name": "CVE-2025-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52426"
},
{
"name": "CVE-2025-62852",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62852"
},
{
"name": "CVE-2025-53593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53593"
},
{
"name": "CVE-2025-53592",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53592"
},
{
"name": "CVE-2025-52872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52872"
},
{
"name": "CVE-2025-59380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59380"
},
{
"name": "CVE-2025-52863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52863"
},
{
"name": "CVE-2025-44013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-44013"
},
{
"name": "CVE-2025-52871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52871"
},
{
"name": "CVE-2025-54166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54166"
},
{
"name": "CVE-2025-52430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52430"
},
{
"name": "CVE-2025-59384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59384"
},
{
"name": "CVE-2025-47208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47208"
},
{
"name": "CVE-2025-62857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62857"
},
{
"name": "CVE-2025-53591",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53591"
},
{
"name": "CVE-2025-59387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59387"
}
],
"initial_release_date": "2026-01-05T00:00:00",
"last_revision_date": "2026-01-05T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0003",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-52",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-52"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-51",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-51"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-50",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-50"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-54",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-54"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-55",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-55"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-53",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-53"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-49",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-49"
}
]
}