QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-29887

Back to search

CVE-2025-29887

Published: Aug 29, 2025

Modified: Aug 29, 2025

PUBLISHED

Description

A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later

VendorProductVersions

QNAP Systems Inc.

QuRouter

affected
2.5.x - < 2.5.1.060

Weaknesses (CWE)

CWE-77
CWE-78

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now