QNAP Systems has revealed that its NetBak PC Agent is vulnerable to a high-severity ASP.NET Core security flaw, CVE-2025-55315, which could allow attackers to hijack credentials and access sensitive backup data. Users are urged to promptly update their systems with the latest patches to mitigate potential exploitation risks. #CVE-2025-55315 #AspNetCoreVulnerability
Keypoints
- The CVE-2025-55315 vulnerability has a CVSS score of 9.9, indicating critical severity.
- It involves an HTTP request smuggling flaw that can bypass security controls and hijack user credentials.
- Microsoft released a patch in October 2025 to address this vulnerability, warning of possible data leaks and server crashes.
- QNAPβs NetBak PC Agent depends on ASP.NET Core components that could be vulnerable if not updated.
- Exploitation could lead to unauthorized access to backup data and manipulation of system files.
Read More: https://www.securityweek.com/qnap-netbak-pc-agent-affected-by-recent-asp-net-core-vulnerability/