QNAP NetBak PC Agent ASP.NET Core mitigation
Advisory/Mitigation
Summary
Hide ▲
Show ▼
QNAP issued mitigation guidance for Windows systems running NetBak PC Agent after CVE-2025-55315 was identified in ASP.NET Core. The company said affected PCs should be reinstalled or updated to reduce exposure to the security-bypass flaw. The advisory matters because the issue can enable credential hijacking and bypass of front-end security controls through HTTP request smuggling.
Related Happenings
PowerShell Invoke-WebRequest remote code execution zero-day (CVE-2025-54100)
Vulnerability
First: 09.12.2025 21:54
Last: 09.12.2025 21:54
Sources 1
About this happening:
**Microsoft** fixed **CVE-2025-54100** in **PowerShell 5.1 Invoke-WebRequest**, a **remote code execution zero-day** that could execute **malicious scripts** embedded in a webpage...
PowerShell Invoke-WebRequest remote code execution zero-day (CVE-2025-54100)
VulnerabilityAbout this happening: **Microsoft** fixed **CVE-2025-54100** in **PowerShell 5.1 Invoke-WebRequest**, a **remote code execution zero-day** that could execute **malicious scripts** embedded in a webpage...
Windows Kernel privilege escalation flaw (CVE-2025-62215, actively exploited)
Vulnerability
First: 11.11.2025 22:23
Last: 11.11.2025 22:23
Sources 1
About this happening:
**CVE-2025-62215** is an **actively exploited** **Windows Kernel** privilege-escalation flaw that can turn a **post-compromise foothold** into **admin-level rights**. Microsoft ti...
Windows Kernel privilege escalation flaw (CVE-2025-62215, actively exploited)
VulnerabilityAbout this happening: **CVE-2025-62215** is an **actively exploited** **Windows Kernel** privilege-escalation flaw that can turn a **post-compromise foothold** into **admin-level rights**. Microsoft ti...
ViewState deserialization attack wave (2025)
Exploitation Wave
First: 05.09.2025 01:05
Last: 05.09.2025 01:05
Sources 1
About this happening:
A **2025 ViewState deserialization attack wave** is continuing to expose **ASP.NET** deployments to **remote code execution** when machine keys are leaked or improperly protected....
ViewState deserialization attack wave (2025)
Exploitation WaveAbout this happening: A **2025 ViewState deserialization attack wave** is continuing to expose **ASP.NET** deployments to **remote code execution** when machine keys are leaked or improperly protected....
Timeline
-
27.10.2025 18:55 1 articles · 7mo ago
QNAP advises updating NetBak PC Agent systems
Mitigation Patch UpdateQNAP warned customers that Windows systems running NetBak PC Agent may contain an affected version of Microsoft ASP.NET Core if the system has not been updated, and advised users to either reinstall NetBak PC Agent to refresh the ASP.NET Core runtime components or manually install the latest ASP.NET Core Runtime (Hosting Bundle) from the .NET 8.0 download page to reduce exposure to CVE-2025-55315.
Show sources
- QNAP warns of critical ASP.NET flaw in its Windows backup software — www.bleepingcomputer.com — 27.10.2025 18:55