QNAP issues a security warning urging users to patch a critical ASP.NET Core vulnerability (CVE-2025-55315) that affects the NetBak PC Agent, risking credential hijacking and security bypass. Applying the latest updates mitigates potential exploitation by attackers targeting ASP.NET applications. #CVE-2025-55315 #ASP.NETCore
Keypoints
- QNAP warns about a critical ASP.NET Core security vulnerability affecting the NetBak PC Agent.
- The flaw, CVE-2025-55315, allows low-privilege attackers to hijack credentials and bypass security controls.
- Users must update ASP.NET Core runtimes manually or by reinstalling the NetBak PC Agent.
- Successful exploitation can lead to unauthorized data access, server file modification, or DoS conditions.
- Earlier in the year, QNAP also patched multiple rsync vulnerabilities in its backup solutions.