Security ID : QSA-25-39
Vulnerability in NetBak Replicator
Release date : October 4, 2025
CVE identifier : CVE-2025-57714
Affected products: NetBak Replicator 4.5.x
Severity
Important
Status
Resolved
Summary
An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains access to a user account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version:
| Affected Product | Fixed Version |
| NetBak Replicator 4.5.x | NetBak Replicator 4.5.15.0807 and later |
Recommendation
To secure your device, we recommend regularly updating your QNAP utilities to the latest versions to benefit from vulnerability fixes. You can check the QNAP Utilities page to see the latest updates available to your device operating system.
Attachment
Acknowledgements: Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc.
Revision History:
V1.0 (October 4, 2025) - Published
