QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability

QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability

Posted on By CWS

Taiwan-based QNAP Programs says its NetBak PC Agent is doubtlessly affected by a just lately disclosed ASP.NET Core vulnerability that has the “highest ever” CVSS rating for a difficulty within the open supply net growth framework.

Tracked as CVE-2025-55315 (CVSS rating of 9.9), the bug is an HTTP request smuggling defect that enables attackers to bypass safety controls over the community, or hijack different customers’ credentials.

Microsoft patched the vulnerability on October 2025 Patch Tuesday, warning that it might be exploited to leak delicate info, tamper with file contents, or drive a crash throughout the server.

The precise influence from the bug, .NET safety program supervisor Barry Dorrans stated, relies on how an utility was constructed, and will permit attackers to log in as one other person, bypass CSRF checks, make inner requests, and carry out injection assaults.

In line with QNAP, its NetBak PC Agent installs and will depend on ASP.NET Core elements throughout setup, which might end in a susceptible model of the framework working on techniques that haven’t been up to date.

NetBak PC Agent is a Home windows utility that enables customers to again up pc and server contents to a QNAP NAS system, and permits them to revive techniques when wanted.

Given the important function the applying performs in backup/restoration operations, profitable exploitation of CVE-2025-55315 might have dire penalties, doubtlessly permitting attackers to entry backup information.

QNAP urges customers to right away apply the patches for ASP.NET Core, both by reinstalling the agent, or by manually downloading and putting in the most recent framework model.Commercial. Scroll to proceed studying.

The corporate makes no point out of the flaw being exploited in opposition to NetBak PC Agent customers, however vulnerabilities affecting QNAP merchandise have been well-liked targets for risk actors.

Associated: Yr-Previous WordPress Plugin Flaws Exploited to Hack Web sites

Associated: Chrome Zero-Day Exploitation Linked to Hacking Group Adware

Associated: Exploitation of Crucial Adobe Commerce Flaw Places Many eCommerce Websites at Danger

Associated: BIND Updates Tackle Excessive-Severity Cache Poisoning Flaws

Security Week News Tags:, , , , , ,

Related Posts

SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM Security Week News
Hugging Face Abused to Deploy Android RAT Hugging Face Abused to Deploy Android RAT Security Week News
Production at Steelmaker Nucor Disrupted by Cyberattack Production at Steelmaker Nucor Disrupted by Cyberattack Security Week News
Google Gemini Tricked Into Showing Phishing Message Hidden in Email  Google Gemini Tricked Into Showing Phishing Message Hidden in Email  Security Week News
Cybersecurity M&A Roundup: 45 Deals Announced in October 2025 Cybersecurity M&A Roundup: 45 Deals Announced in October 2025 Security Week News
Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products Security Week News