QNAP Releases Patches for Seven Zero-Day Vulnerabilities Exploited During Pwn2Own 2025


456/68 Tuesday, November 11, 2025

QNAP, the Taiwan-based network-attached storage (NAS) manufacturer, has issued a major security update to fix seven zero-day vulnerabilities affecting multiple core software components. These vulnerabilities are significant because they were discovered and successfully exploited during the Pwn2Own Ireland 2025 global hacking competition – demonstrating that attackers could compromise affected systems if the issues are left unpatched.

The vulnerabilities addressed in this update impact the main operating systems QTS and QuTS hero, as well as key applications including Hyper Data Protector (backup solution), HBS 3 Hybrid Backup Sync (data synchronization), and even the Malware Remover tool. Credit for the discoveries goes to several leading security research teams, including Summoning Team, DEVCORE, Team DDOS, and researchers from CyCraft, who demonstrated the risks during the competition.

To ensure maximum data protection, QNAP urges users to update their systems to the latest fixed versions immediately. The patched versions include:

  • Hyper Data Protector 2.2.4.1
  • Malware Remover 6.6.8.20251023
  • HBS 3 Hybrid Backup Sync 26.2.0.938
  • QTS 5.2.7.3297
  • QuTS hero h5.2.7.3297 or h5.3.1.3292 (and newer versions)

Regularly checking for updates and applying security patches as soon as they are released remains one of the most effective practices to protect against cyber threats.

Source: https://securityaffairs.com/184396/hacking/qnap-fixed-multiple-zero-days-in-its-software-demonstrated-at-pwn2own-2025.html