QNAP newsroom

Taipei, Taiwan, 30 oktober 2025 — QNAP® Systems, Inc., a leading innovator in computing, networking, and storage solutions, successfully participated in Pwn2Own 2025, held in Cork, Ireland. Organized by the Zero Day Initiative (ZDI), Pwn2Own is one of the world’s most renowned cybersecurity competitions, where top security researchers attempt to identify zero-day vulnerabilities in widely used devices. The event promotes collaboration between vendors and the research community to strengthen product resilience and advance global cybersecurity standards.

QNAP joined this year’s competition with its TS-453E NAS and QHora-322 router, maintaining close communication with participating research teams throughout the event. Demonstrating its strong commitment to user protection, QNAP deployed an immediate defense mechanism via the Malware Remover app to global users even before the competition concluded, effectively mitigating potential risks in real time.

Following comprehensive internal validation and remediation efforts, QNAP’s Product Security Incident Response Team (PSIRT) completed patches for vulnerabilities identified during the first two days of competition and released the updates on October 27, urging all users to apply the latest firmware to ensure system security.

During an on-site interview conducted by QNAP’s representatives, one of the participating security researchers commented, “The QHora router showed noticeable improvement this year. The NAS still has a broader attack surface due to its diverse functionality, but overall, QNAP’s security capabilities have clearly advanced.” The acknowledgment reflects QNAP’s ongoing improvements in cybersecurity and its commitment to open collaboration with researchers.

Stanley Huang, Senior Manager of QNAP's Product Security Incident Response Team, stated, “We truly appreciate the contributions from the global security research community. Pwn2Own is an invaluable platform that drives innovation in cybersecurity. Every challenge is an opportunity to make our products more resilient.”

QNAP reaffirms its commitment to security-driven innovation, continually enhancing its defenses and collaborating with global researchers to deliver a safer digital experience.

In addition, the QNAP Security Bounty Program remains open and active. For more details and participation guidelines, please visit https://www.qnap.com/go/security-bounty-program.

Pwn2Own 2025 related QNAP security patches:

• https://www.qnap.com/go/security-advisory/qsa-25-45
  Multiple Vulnerabilities in QTS and QuTS hero (PWN2OWN 2025)

• https://www.qnap.com/go/security-advisory/qsa-25-46
  Multiple Vulnerabilities in HBS 3 Hybrid Backup Sync (PWN2ONW 2025)

• https://www.qnap.com/go/security-advisory/qsa-25-47
  Vulnerability in Malware Remover (PWN2OWN 2025)

• https://www.qnap.com/go/security-advisory/qsa-25-48)
  Vulnerability in Hyper Data Protector (PWN2OWN 2025)