QNAP Warns of Critical Flaw in Windows Backup Tool

QNAP has issued an urgent security alert, urging users to patch a critical ASP.NET Core vulnerability that affects its NetBak PC Agent software. The flaw, tracked as CVE-2025-55315, exposes systems running the Windows-based backup utility to potential exploitation. This vulnerability originates from ASP.NET Core, a web framework developed by Microsoft, and could allow attackers to compromise data backups stored on QNAP network-attached storage (NAS) devices. QNAP warns of critical flaw implications that extend beyond third-party software, directly impacting its own backup ecosystem.

The company confirmed that NetBak PC Agent incorporates affected ASP.NET components, making immediate updates essential. QNAP warns of critical flaw risks and advises customers to apply the latest security patches to maintain data integrity and system protection. The vulnerability highlights the broader impact of third-party software dependencies within enterprise solutions, especially in backup and storage tools.

For more details, read the full security advisory at:
https://www.bleepingcomputer.com/news/security/qnap-warns-its-windows-backup-software-is-also-affected-by-critical-aspnet-flaw/