Security ID: QSA-25-44
Potential Security Impact of ASP.NET Vulnerability on NetBak PC Agent
Release date: October 24, 2025
CVE identifier: CVE-2025-55315
Affected products: NetBak PC Agent
Severity: Important
Status: Investigating
Summary
Microsoft has disclosed a security vulnerability (CVE-2025-55315) affecting ASP.NET Core that could allow an attacker to bypass security controls through HTTP Request Smuggling (CWE-444). If successfully exploited, an authenticated attacker could send specially crafted HTTP requests to the web server, resulting in unauthorized access to sensitive data, modification of server files, or limited denial-of-service conditions.
NetBak PC Agent installs and depends on Microsoft ASP.NET Core components during setup. Therefore, computers running NetBak PC Agent may contain an affected version of ASP.NET Core if the system has not been updated.
Recommendation
QNAP strongly recommends users ensure their Windows systems have the latest Microsoft ASP.NET Core updates installed.
You can update ASP.NET Core using one of the following methods:
Method 1: Reinstall NetBak PC Agent
- Uninstall the existing NetBak PC Agent.
  Go to "Settings > Apps > Installed apps", locate NetBak PC Agent, and uninstall it.
- Download the latest version.
  Go to NetBak PC Agent to download the latest installer.
- Install NetBak PC Agent.
  The installer will automatically download and install the latest ASP.NET Core runtime components.
Method 2: Manually Update ASP.NET Core
- Visit the .NET 8.0 download page.
- Download and install the latest ASP.NET Core Runtime (Hosting Bundle).
  Note: As of October 2025, the latest version is 8.0.21.
- Restart the application or system after installation.
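To confirm the result of either method, the following PowerShell script lists the ASP.NET Core shared runtimes present on the computer and flags any 8.0.x runtime older than 8.0.21, the version noted above. It is an added example, not QNAP or Microsoft code; the function name `Get-AspNetCoreRuntime` is hypothetical, and the scan assumes the default install roots under Program Files.

```powershell
# Added example (not QNAP or Microsoft code): inventory ASP.NET Core shared runtimes.
$Baseline = [version]'8.0.21'   # version the advisory lists as latest, October 2025

function Get-AspNetCoreRuntime {
    $found = @()
    # 1) Ask the dotnet host, if it is on PATH.
    $dotnet = Get-Command dotnet -ErrorAction SilentlyContinue
    if ($dotnet) {
        foreach ($line in (& $dotnet.Source --list-runtimes)) {
            if ($line -match '^Microsoft\.AspNetCore\.App\s+(\S+)\s+\[(.+)\]$') {
                $found += [pscustomobject]@{ Version = $Matches[1]; Root = $Matches[2] }
            }
        }
    }
    # 2) Also scan the default install roots (assumed locations); this covers the
    #    other architecture and a dotnet host that is not on PATH.
    foreach ($pf in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if (-not $pf) { continue }
        $root = Join-Path $pf 'dotnet\shared\Microsoft.AspNetCore.App'
        if (Test-Path $root) {
            foreach ($dir in (Get-ChildItem -Path $root -Directory)) {
                $found += [pscustomobject]@{ Version = $dir.Name; Root = $root }
            }
        }
    }
    # The same runtime can be seen by both methods; report it once.
    $found | Sort-Object Root, Version -Unique
}

Get-AspNetCoreRuntime | ForEach-Object {
    # Drop any preview suffix (for example "-rc.1") before comparing versions.
    $v = [version](($_.Version -split '-')[0])
    $status = if ($v.Major -eq 8 -and $v.Minor -eq 0) {
        if ($v -lt $Baseline) { 'UPDATE: older than 8.0.21' } else { 'OK' }
    } else {
        'Not 8.0.x: check Microsoft guidance for this release'
    }
    [pscustomobject]@{ Version = $_.Version; Status = $status; Root = $_.Root }
} | Format-Table -AutoSize
```

An empty result means no ASP.NET Core shared runtime was found in the locations checked.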
Revision History: V1.0 (October 24, 2025) - Published