QNAP security patch release for CVE-2025-62847
Security Patch Release
Summary
Hide ▲
Show ▼
QNAP has released fixes for seven zero-day vulnerabilities affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync, closing flaws that were already used to compromise NAS devices at Pwn2Own Ireland 2025. The patch bundle covers CVE-2025-62847, CVE-2025-62848, CVE-2025-62849, CVE-2025-59389, CVE-2025-11837, CVE-2025-62840, and CVE-2025-62842. Administrators are being told to update to the latest version and change all passwords to reduce residual risk.
Related Happenings
Progress LoadMaster CVE-2026-8037 patch release
Security Patch Release
H score52
First: 30.06.2026 10:38
Last: 30.06.2026 10:38
Sources 1
About this happening:
**Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...
Progress LoadMaster CVE-2026-8037 patch release
Security Patch ReleaseAbout this happening: **Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch Release
H score34
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch ReleaseAbout this happening: **Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Dify security patch release for CVE-2026-41947
Security Patch Release
H score34
First: 22.06.2026 19:13
Last: 22.06.2026 19:13
Sources 1
About this happening:
**Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...
Dify security patch release for CVE-2026-41947
Security Patch ReleaseAbout this happening: **Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...
Apple security patch release for CVE-2025-20701
Security Patch Release
H score29
First: 18.06.2026 15:23
Last: 18.06.2026 15:23
Sources 1
About this happening:
Apple released **Beats Firmware Update 1B211** for **Beats Studio Buds** to fix **CVE-2025-20701**, closing a Bluetooth flaw that could let nearby attackers spy on conversations....
Apple security patch release for CVE-2025-20701
Security Patch ReleaseAbout this happening: Apple released **Beats Firmware Update 1B211** for **Beats Studio Buds** to fix **CVE-2025-20701**, closing a Bluetooth flaw that could let nearby attackers spy on conversations....
Fortinet security patch release for CVE-2026-39813
Security Patch Release
H score41
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet security patch release for CVE-2026-39813
Security Patch ReleaseAbout this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Timeline
-
07.11.2025 20:24 2 articles · 8mo ago
QNAP releases fixes for seven NAS zero-days exploited at Pwn2Own Ireland 2025
Mitigation Patch UpdateQNAP released fixes for seven zero-day vulnerabilities affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync after researchers from Summoning Team, DEVCORE, Team DDOS, and a CyCraft technology intern demonstrated exploitation against QNAP NAS devices at Pwn2Own Ireland 2025. The patched flaws include CVE-2025-62847, CVE-2025-62848, CVE-2025-62849, CVE-2025-59389, CVE-2025-11837, CVE-2025-62840, and CVE-2025-62842, with QNAP advising administrators to update to the latest versions and change all passwords.
Show sources
- QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own — www.bleepingcomputer.com — 07.11.2025 20:24
- QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own — www.bleepingcomputer.com — 07.11.2025 20:24