Contact
Red Hot Cyber
Cybersecurity, Cybercrime News and Vulnerability Analysis
Home
UtiliaCS 970x120

QNAP releases security patches for critical vulnerabilities in VioStor NVR systems.

1 September 2025 21:38

QNAP Systems has released security updates to address several vulnerabilities in the QVR firmware of its VioStor Network Video Recorder (NVR) systems. On August 29, 2025, two serious security vulnerabilities were disclosed, prompting the company to promptly update their systems to prevent potential security breaches.

QNAP responded quickly to these security reports by releasing updated firmware that addresses both vulnerabilities. Legacy VioStor NVR systems running QVR 5.1.x are affected, but users can now update to QVR 5.1.6 build 20250621 or later to eliminate these security risks.

The security advisory discloses two separate vulnerabilities that could compromise the integrity of legacy VioStor NVR systems running QVR 5.1.x firmware.

  • The first vulnerability, identified as CVE-2025-52856, is an improper authentication flaw that allows remote attackers to compromise system security without proper credentials.
  • The second vulnerability, CVE-2025-52861, presents a path traversal vulnerability that becomes exploitable once an attacker gains administrator-level access.

A severity level Both vulnerabilities were rated “Important,” indicating a significant risk to the affected systems. Security researcher Hou Liuyang of 360 Security is credited with discovering and reporting these vulnerabilities, highlighting the value of security research collaboration to identify critical system vulnerabilities.

Here’s a quick demonstration of QNAP’s commitment to product security in infrastructure, including legacy systems that may no longer have regular feature updates. To do so, users can check their current firmware version and download the necessary updates directly from the official QNAP download site.

The company emphasizes the critical nature of these updates, especially given the sensitive nature of the surveillance data typically handled by NVR systems. QNAP provides detailed instructions for updating affected systems, emphasizing the simplicity of the patch installation process. Administrators can access the firmware update feature through the Control Panel’s System Settings menu, where they can upload and install the latest security patches.

The update process requires administrative access to the VioStor NVR system and involves downloading the firmware file specific to the device model from the QNAP official website.

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

Massimiliano Brolli 300x300
Responsible for the RED Team of a large Telecommunications company and 4G/5G cyber security labs. He has held managerial positions ranging from ICT Risk Management to software engineering to teaching in university master's programs.
Areas of Expertise: Bug Hunting, Red Team, Cyber Intelligence & Threat Analysis, Disclosure, Cyber Warfare and Geopolitics, Ethical Hacking