CVE-2023-45025

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Published: Feb 2, 2024
Updated: Nov 16, 2025
CVE: CVE-2023-45025
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
qnap / qts	5.1.0.2348-build_20230325	5.1.0.2348-build_20230325.x
qnap / qts	4.5.4.2280-build_20230112	4.5.4.2280-build_20230112.x
qnap / qts	4.5.4.2117-build_20220802	4.5.4.2117-build_20220802.x
qnap / qts	4.5.4.2012-build_20220419	4.5.4.2012-build_20220419.x
qnap / qts	4.5.4.1931-build_20220128	4.5.4.1931-build_20220128.x
qnap / qts	4.5.4.1800-build_20210923	4.5.4.1800-build_20210923.x
qnap / qts	4.5.4.1787-build_20210910	4.5.4.1787-build_20210910.x
qnap / qts	4.5.4.1741-build_20210726	4.5.4.1741-build_20210726.x
qnap / qts	4.5.4.1723-build_20210708	4.5.4.1723-build_20210708.x
qnap / qts	4.5.4.1715-build_20210630	4.5.4.1715-build_20210630.x
qnap / qts	4.5.4.1892-build_20211223	4.5.4.1892-build_20211223.x
qnap / quts_hero	h4.5.4.2272-build_20230105	h4.5.4.2272-build_20230105.x
qnap / quts_hero	h4.5.4.2217-build_20221111	h4.5.4.2217-build_20221111.x
qnap / quts_hero	h4.5.4.2138-build_20220824	h4.5.4.2138-build_20220824.x
qnap / quts_hero	h4.5.4.2052-build_20220530	h4.5.4.2052-build_20220530.x
qnap / quts_hero	h4.5.4.1991-build_20220330	h4.5.4.1991-build_20220330.x
qnap / quts_hero	h4.5.4.1971-build_20220310	h4.5.4.1971-build_20220310.x
qnap / quts_hero	h4.5.4.1951-build_20220218	h4.5.4.1951-build_20220218.x
qnap / quts_hero	h4.5.4.1892-build_20211223	h4.5.4.1892-build_20211223.x
qnap / quts_hero	h4.5.4.1848-build_20211109	h4.5.4.1848-build_20211109.x
qnap / quts_hero	h4.5.4.1813-build_20211006	h4.5.4.1813-build_20211006.x
qnap / quts_hero	h4.5.4.1800-build_20210923	h4.5.4.1800-build_20210923.x
qnap / quts_hero	h4.5.4.1771-build_20210825	h4.5.4.1771-build_20210825.x
qnap / qts	5.1.0.2418-build_20230603	5.1.0.2418-build_20230603.x
qnap / qts	5.1.0.2399-build_20230515	5.1.0.2399-build_20230515.x
qnap / qts	4.5.4.2374-build_20230416	4.5.4.2374-build_20230416.x
qnap / quts_hero	h5.1.0.2409-build_20230525	h5.1.0.2409-build_20230525.x
qnap / quts_hero	h4.5.4.2374-build_20230417	h4.5.4.2374-build_20230417.x
qnap / qts	5.1.0.2466-build_20230721	5.1.0.2466-build_20230721.x
qnap / qts	5.1.1.2491-build_20230815	5.1.1.2491-build_20230815.x
qnap / qts	5.1.0.2444-build_20230629	5.1.0.2444-build_20230629.x
qnap / quts_hero	h5.1.1.2488-build_20230812	h5.1.1.2488-build_20230812.x
qnap / quts_hero	h5.1.0.2466-build_20230721	h5.1.0.2466-build_20230721.x
qnap / quts_hero	h5.1.0.2453-build_20230708	h5.1.0.2453-build_20230708.x
qnap / quts_hero	h5.1.0.2424-build_20230609	h5.1.0.2424-build_20230609.x
qnap / qts	5.1.3.2578-build_20231110	5.1.3.2578-build_20231110.x
qnap / qts	5.1.2.2533-build_20230926	5.1.2.2533-build_20230926.x
qnap / quts_hero	h5.1.3.2578-build_20231110	h5.1.3.2578-build_20231110.x
qnap / quts_hero	h5.1.2.2534-build_20230927	h5.1.2.2534-build_20230927.x
qnap / qutscloud	c5.1.0.2498-build_20230822	c5.1.0.2498-build_20230822.x
qnap / quts_hero	h5.1.4.2596	h5.1.4.2596.x
qnap / qts	5.1.4.2596	5.1.4.2596.x
qnap / qts	4.5.4.2627	4.5.4.2627.x
qnap / quts_hero	h4.5.4.2476-build_20230728	h4.5.4.2476-build_20230728.x
qnap / quts_hero	h4.5.4.2626	h4.5.4.2626.x

https://www.qnap.com/en/security-advisory/qsa-23-47

Vulnerability Database

308,918

CVE-2023-45025

Deep Security Visibility Without the Complexity