QNAP NAS Backup Hit by Critical .NET Credential Flaw

A critical vulnerability in Microsoft’s ASP.NET framework, tracked as CVE-2025-55315, is now actively affecting QNAP NAS Backup utility users, exposing them to credential theft. Microsoft addressed the flaw with a recent security update, rating it 9.8 on the CVSS scale. Although initially thought to have limited impact, security researchers have since confirmed exploitation in real-world environments.

The issue allows attackers to intercept sensitive data through improper authentication handling. QNAP NAS Backup users face heightened risks, as the vulnerability can enable unauthorized access to backup configurations and stored credentials. The flaw joins a list of other identified security issues, including CVE-2025-11371, CVE-2025-54253, and CVE-2025-27915, all of which underscore the urgency of applying security patches without delay.

Administrators should immediately review system configurations and update all vulnerable components. For further technical details and mitigation steps, read the full article at the following link:

Critical .NET Flaw (CVE-2025-55315) in QNAP: NAS Backup Utility Vulnerable to Credential Theft