PATCH NOW: QNAP Fixes 7 Zero-Days Exploited at Pwn2Own 2025

Home/Cybersecurity, Exploitation, Internet Security, Secuirty Update, Security Advisory, Security Update, vulnerability, Vulnerability Reports/PATCH NOW: QNAP Fixes 7 Zero-Days Exploited at Pwn2Own 2025

PATCH NOW: QNAP Fixes 7 Zero-Days Exploited at Pwn2Own 2025

QNAP has released an urgent security update after security researchers at Pwn2Own Ireland 2025 successfully hacked QNAP NAS devices using seven zero-day vulnerabilities.

How the Zero-Day Vulnerabilities Were Exploited

At the Pwn2Own Ireland 2025 cybersecurity event, several researcher teams successfully hacked QNAP NAS devices. They discovered multiple zero-day vulnerabilities that allowed them to completely take over the devices — without needing a password or any user access.

The researchers found weaknesses in how the system handled certain requests. These flaws allowed them to run commands directly on the device and gain full control. In simple terms, someone could send a specially crafted request to the NAS, and the system would execute whatever command was sent.

These types of issues are not new for QNAP, but this time, they were more severe because they allowed zero-click remote code execution, meaning no user interaction was needed at all. The Zero Day Initiative rewarded the researchers with over $150,000 for these discoveries.

QNAP released firmware updates on October 24, 2025, to fix these security bugs. The update strengthens system security and prevents attackers from using the same techniques to gain access. Users simply need to update their NAS firmware through the Control Panel → System → Firmware Update menu.

Updating your device ensures that the vulnerabilities are patched and that no one can remotely access your stored data.

How to Stay Protected (Mitigations)

QNAP recommends a few immediate actions to keep your NAS safe:

  • Update the firmware right away. This is the only way to patch the zero-day vulnerabilities.
  • Change your NAS password and make sure strong authentication is used.
  • Keep the NAS isolated from the main network. Use network segmentation (VLANs) so even if something goes wrong, attackers can’t move deeper into your environment.

Some of the security issues were also found in QNAP apps like Hybrid Backup Sync and Malware Remover, which could allow unauthorized access or command execution. So, make sure all apps are updated, not just the firmware.

For organizations using QNAP in business environments:

  • Monitor logs for unusual activity.
  • Use security tools like Intrusion Detection Systems (IDS) to detect unwanted access attempts.

These vulnerabilities show why regular firmware updates and security hygiene are critical, especially as NAS devices are becoming frequent targets of cyberattacks.

Post Views: 128
By | 2025-11-11T08:32:05+05:30 November 10th, 2025|Cybersecurity, Exploitation, Internet Security, Secuirty Update, Security Advisory, Security Update, vulnerability, Vulnerability Reports|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!