Vulnerability in GNU C Library

Summary

A vulnerability identified as CVE-2025-4802 has been reported to affect GNU C Library (glibc) versions 2.27 to 2.38. If exploited, this vulnerability allows a local attacker to load malicious shared libraries, escalate privileges, and execute arbitrary code.

After thorough investigation, we have determined that none of our current products are affected by this vulnerability. QNAP's firmware and applications do not utilize the affected versions.

Recommendation

No action is required from QNAP users regarding this vulnerability.

QNAP remains committed to monitoring security vulnerabilities and will provide updates if any new information arises.

To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.

References

• NVD: CVE-2025-4802

• Red Hat Customer Portal: CVE-2025-4802

• Wiz Vulnerability Database: CVE-2025-4802