Red Hot Cyber, The cybersecurity news

Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Spanish Italian
Search

QNAP releases security patches for critical vulnerabilities in VioStor NVR systems.

Redazione RHC : 1 September 2025 21:38

QNAP Systems has released security updates to address several vulnerabilities in the QVR firmware of its VioStor Network Video Recorder (NVR) systems. On August 29, 2025, two serious security vulnerabilities were disclosed, prompting the company to promptly update their systems to prevent potential security breaches.

QNAP responded quickly to these security reports by releasing updated firmware that addresses both vulnerabilities. Legacy VioStor NVR systems running QVR 5.1.x are affected, but users can now update to QVR 5.1.6 build 20250621 or later to eliminate these security risks.

The security advisory discloses two separate vulnerabilities that could compromise the integrity of legacy VioStor NVR systems running QVR 5.1.x firmware.

  • The first vulnerability, identified as CVE-2025-52856, is an improper authentication flaw that allows remote attackers to compromise system security without proper credentials.
  • The second vulnerability, CVE-2025-52861, presents a path traversal vulnerability that becomes exploitable once an attacker gains administrator-level access.

A severity level Both vulnerabilities were rated “Important,” indicating a significant risk to the affected systems. Security researcher Hou Liuyang of 360 Security is credited with discovering and reporting these vulnerabilities, highlighting the value of security research collaboration to identify critical system vulnerabilities.

Here’s a quick demonstration of QNAP’s commitment to product security in infrastructure, including legacy systems that may no longer have regular feature updates. To do so, users can check their current firmware version and download the necessary updates directly from the official QNAP download site.

The company emphasizes the critical nature of these updates, especially given the sensitive nature of the surveillance data typically handled by NVR systems. QNAP provides detailed instructions for updating affected systems, emphasizing the simplicity of the patch installation process. Administrators can access the firmware update feature through the Control Panel’s System Settings menu, where they can upload and install the latest security patches.

The update process requires administrative access to the VioStor NVR system and involves downloading the firmware file specific to the device model from the QNAP official website.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli