Unrated severityNVD Advisory· Published Jan 2, 2026· Updated Jan 5, 2026

Malware Remover

CVE-2025-11837

Description

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism.

We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later

Affected products

QNAP Systems Inc./Malware Removerv5
Range: 6.6.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.qnap.com/en/security-advisory/qsa-25-47mitre

News mentions

ZDI-26-198: (Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability
Zero Day Initiative · Mar 16, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000