CVE-2025-59389

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-59389

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59389.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-59389

Published

2026-01-02T16:17:00.433Z

Modified

2026-03-13T03:39:23.500564Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.

We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later

References

https://www.qnap.com/en/security-advisory/qsa-25-48

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "2.1.0.0226"
            },
            {
                "fixed": "2.2.4.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0.1115-beta"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59389.json"