CVE-2025-59389

Summary

An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.

We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.Hyper Data Protector2.2.x < 2.2.4.1affected

Weaknesses

  • CWE-89: CWE-89

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References