Security ID : QSA-25-20
Vulnerability in HybridDesk Station
Release date : August 29, 2025
CVE identifier : CVE-2025-44015
Affected products: HybridDesk Station 4.2.x
Severity
Moderate
Status
Resolved
Summary
A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
| Affected Product | Fixed Version |
| HybridDesk Station 4.2.x | HybridDesk Station 4.2.18 and later |
Recommendation
To fix the vulnerability, we recommend updating HybridDesk Station to the latest version.
Updating HybridDesk Station
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "HybridDesk Station" and then press ENTER.
HybridDesk Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your HybridDesk Station is already up to date. - Click OK.
The system updates the application.
Attachment
Acknowledgements: Dohwan Kim, Junwoo Kwon (neko_hat, wnsdn1583 from Chung-Ang Univ.)
Revision History:
V1.0 (August 29, 2025) - Published
