Security ID : QSA-25-18
Vulnerability in GNU C Library
Release date : May 31, 2025
CVE identifier : CVE-2025-4802
Severity
None
Status
Not Affected
Summary
A vulnerability identified as CVE-2025-4802 has been reported to affect GNU C Library (glibc) versions 2.27 to 2.38. If exploited, this vulnerability allows a local attacker to load malicious shared libraries, escalate privileges, and execute arbitrary code.
After thorough investigation, we have determined that none of our current products are affected by this vulnerability. QNAP's firmware and applications do not utilize the affected versions.
| Affected Product | Severity |
| QTS 5.x | Not affected |
| QTS 4.x | Not affected |
| QuTS hero h5.x | Not affected |
| QuTS hero h4.x | Not affected |
Recommendation
No action is required from QNAP users regarding this vulnerability.
QNAP remains committed to monitoring security vulnerabilities and will provide updates if any new information arises.
To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.
References
-
NVD: CVE-2025-4802
-
Red Hat Customer Portal: CVE-2025-4802
-
Wiz Vulnerability Database: CVE-2025-4802
Revision History: V1.0 (May 31, 2025) - Published
