{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"QVPN Device Client pour Mac versions 2.2.x ant\u00e9rieures \u00e0 2.2.8","product":{"name":"QVPN","vendor":{"name":"Qnap","scada":false}}},{"description":"QuTS hero versions h5.2.8.x ant\u00e9rieures \u00e0 h5.2.8.3321 build 20251117","product":{"name":"QuTS hero","vendor":{"name":"Qnap","scada":false}}},{"description":"Qfinder Pro Mac versions 7.13.x ant\u00e9rieures \u00e0 7.13.0","product":{"name":"Qfinder","vendor":{"name":"Qnap","scada":false}}},{"description":"Qsync pour Mac versions 5.1.x ant\u00e9rieures \u00e0 5.1.5","product":{"name":"Qsync","vendor":{"name":"Qnap","scada":false}}},{"description":"QuMagie versions 2.x ant\u00e9rieures \u00e0 2.8.1","product":{"name":"QuMagie","vendor":{"name":"Qnap","scada":false}}},{"description":"License Center versions 2.0.x ant\u00e9rieures \u00e0 2.0.36","product":{"name":"License Center","vendor":{"name":"Qnap","scada":false}}},{"description":"Qfiling versions 3.13.x ant\u00e9rieures \u00e0 3.13.1","product":{"name":"Qfiling","vendor":{"name":"Qnap","scada":false}}},{"description":"QTS versions 5.2.8.x ant\u00e9rieures \u00e0 5.2.8.3332 build 20251128","product":{"name":"QTS","vendor":{"name":"Qnap","scada":false}}},{"description":"MARS (Multi-Application Recovery Service) versions 1.2.x ant\u00e9rieures \u00e0 1.2.1.1686","product":{"name":"MARS","vendor":{"name":"Qnap","scada":false}}},{"description":"QuTS hero versions h5.3.x ant\u00e9rieures \u00e0 h5.3.1.3250 build 20250912","product":{"name":"QuTS hero","vendor":{"name":"Qnap","scada":false}}}],"affected_systems_content":"","content":"## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des correctifs (cf. section Documentation).","cves":[{"name":"CVE-2025-53590","url":"https://www.cve.org/CVERecord?id=CVE-2025-53590"},{"name":"CVE-2025-52431","url":"https://www.cve.org/CVERecord?id=CVE-2025-52431"},{"name":"CVE-2025-52864","url":"https://www.cve.org/CVERecord?id=CVE-2025-52864"},{"name":"CVE-2025-54165","url":"https://www.cve.org/CVERecord?id=CVE-2025-54165"},{"name":"CVE-2025-59381","url":"https://www.cve.org/CVERecord?id=CVE-2025-59381"},{"name":"CVE-2025-54164","url":"https://www.cve.org/CVERecord?id=CVE-2025-54164"},{"name":"CVE-2025-53414","url":"https://www.cve.org/CVERecord?id=CVE-2025-53414"},{"name":"CVE-2025-53589","url":"https://www.cve.org/CVERecord?id=CVE-2025-53589"},{"name":"CVE-2025-48721","url":"https://www.cve.org/CVERecord?id=CVE-2025-48721"},{"name":"CVE-2025-53597","url":"https://www.cve.org/CVERecord?id=CVE-2025-53597"},{"name":"CVE-2025-53405","url":"https://www.cve.org/CVERecord?id=CVE-2025-53405"},{"name":"CVE-2025-57705","url":"https://www.cve.org/CVERecord?id=CVE-2025-57705"},{"name":"CVE-2025-53596","url":"https://www.cve.org/CVERecord?id=CVE-2025-53596"},{"name":"CVE-2025-53594","url":"https://www.cve.org/CVERecord?id=CVE-2025-53594"},{"name":"CVE-2025-9110","url":"https://www.cve.org/CVERecord?id=CVE-2025-9110"},{"name":"CVE-2025-52426","url":"https://www.cve.org/CVERecord?id=CVE-2025-52426"},{"name":"CVE-2025-62852","url":"https://www.cve.org/CVERecord?id=CVE-2025-62852"},{"name":"CVE-2025-53593","url":"https://www.cve.org/CVERecord?id=CVE-2025-53593"},{"name":"CVE-2025-53592","url":"https://www.cve.org/CVERecord?id=CVE-2025-53592"},{"name":"CVE-2025-52872","url":"https://www.cve.org/CVERecord?id=CVE-2025-52872"},{"name":"CVE-2025-59380","url":"https://www.cve.org/CVERecord?id=CVE-2025-59380"},{"name":"CVE-2025-52863","url":"https://www.cve.org/CVERecord?id=CVE-2025-52863"},{"name":"CVE-2025-44013","url":"https://www.cve.org/CVERecord?id=CVE-2025-44013"},{"name":"CVE-2025-52871","url":"https://www.cve.org/CVERecord?id=CVE-2025-52871"},{"name":"CVE-2025-54166","url":"https://www.cve.org/CVERecord?id=CVE-2025-54166"},{"name":"CVE-2025-52430","url":"https://www.cve.org/CVERecord?id=CVE-2025-52430"},{"name":"CVE-2025-59384","url":"https://www.cve.org/CVERecord?id=CVE-2025-59384"},{"name":"CVE-2025-47208","url":"https://www.cve.org/CVERecord?id=CVE-2025-47208"},{"name":"CVE-2025-62857","url":"https://www.cve.org/CVERecord?id=CVE-2025-62857"},{"name":"CVE-2025-53591","url":"https://www.cve.org/CVERecord?id=CVE-2025-53591"},{"name":"CVE-2025-59387","url":"https://www.cve.org/CVERecord?id=CVE-2025-59387"}],"links":[],"reference":"CERTFR-2026-AVI-0003","revisions":[{"description":"Version initiale","revision_date":"2026-01-05T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Injection SQL (SQLi)"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap","vendor_advisories":[{"published_at":"2026-01-03","title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-52","url":"https://www.qnap.com/go/security-advisory/qsa-25-52"},{"published_at":"2026-01-03","title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-51","url":"https://www.qnap.com/go/security-advisory/qsa-25-51"},{"published_at":"2026-01-03","title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-50","url":"https://www.qnap.com/go/security-advisory/qsa-25-50"},{"published_at":"2026-01-03","title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-54","url":"https://www.qnap.com/go/security-advisory/qsa-25-54"},{"published_at":"2026-01-03","title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-55","url":"https://www.qnap.com/go/security-advisory/qsa-25-55"},{"published_at":"2026-01-03","title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-53","url":"https://www.qnap.com/go/security-advisory/qsa-25-53"},{"published_at":"2026-01-03","title":"Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-49","url":"https://www.qnap.com/go/security-advisory/qsa-25-49"}]}