Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Enterprise BusinessLog 320x200 1
Banner Ancharia Desktop 1 1
QNAP releases security patches for critical vulnerabilities in VioStor NVR systems.

QNAP releases security patches for critical vulnerabilities in VioStor NVR systems.

1 September 2025 21:38

QNAP Systems has released security updates to address several vulnerabilities in the QVR firmware of its VioStor Network Video Recorder (NVR) systems. On August 29, 2025, two serious security vulnerabilities were disclosed, prompting the company to promptly update their systems to prevent potential security breaches.

QNAP responded quickly to these security reports by releasing updated firmware that addresses both vulnerabilities. Legacy VioStor NVR systems running QVR 5.1.x are affected, but users can now update to QVR 5.1.6 build 20250621 or later to eliminate these security risks.

The security advisory discloses two separate vulnerabilities that could compromise the integrity of legacy VioStor NVR systems running QVR 5.1.x firmware.

  • The first vulnerability, identified as CVE-2025-52856, is an improper authentication flaw that allows remote attackers to compromise system security without proper credentials.
  • The second vulnerability, CVE-2025-52861, presents a path traversal vulnerability that becomes exploitable once an attacker gains administrator-level access.

A severity level Both vulnerabilities were rated “Important,” indicating a significant risk to the affected systems. Security researcher Hou Liuyang of 360 Security is credited with discovering and reporting these vulnerabilities, highlighting the value of security research collaboration to identify critical system vulnerabilities.

Here’s a quick demonstration of QNAP’s commitment to product security in infrastructure, including legacy systems that may no longer have regular feature updates. To do so, users can check their current firmware version and download the necessary updates directly from the official QNAP download site.

The company emphasizes the critical nature of these updates, especially given the sensitive nature of the surveillance data typically handled by NVR systems. QNAP provides detailed instructions for updating affected systems, emphasizing the simplicity of the patch installation process. Administrators can access the firmware update feature through the Control Panel’s System Settings menu, where they can upload and install the latest security patches.

The update process requires administrative access to the VioStor NVR system and involves downloading the firmware file specific to the device model from the QNAP official website.

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

Immagine del sito
The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.