{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThanOrEqual": "5.0.x",
              "status": "affected",
              "version": "4.3.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "5.0.x",
                  "versionStartIncluding": "4.3.x",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Víctor A. Morales"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability exists in legacy QTS environments utilizing the NFS (Network File System) service. This vulnerability allows attackers to perform actions and potentially gain access due to the misconfiguration of NFS settings.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.0.x and later<br>"
            }
          ],
          "value": "A vulnerability exists in legacy QTS environments utilizing the NFS (Network File System) service. This vulnerability allows attackers to perform actions and potentially gain access due to the misconfiguration of NFS settings.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.x and later"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "orgId": "00000000-0000-4000-9000-000000000000"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-25-56"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.0.x and later<br>"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.x and later"
        }
      ],
      "source": {
        "advisory": "QSA-25-56",
        "discovery": "EXTERNAL"
      },
      "title": "Legacy QTS with NFS enabled",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
    "cveId": "CVE-2025-66276",
    "requesterUserId": "00000000-0000-4000-9000-000000000000",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}