Unrated severityNVD Advisory· Published Mar 12, 2026· Updated Mar 12, 2026

Hyper Data Protector

CVE-2025-59388

Description

A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access.

We have already fixed the vulnerability in the following version: Hyper Data Protector 2.3.1.455 and later

Affected products

Qnap/Hyper Data Protectorllm-create
Range: <2.3.1.455
QNAP Systems Inc./Hyper Data Protectorv5
Range: 2.3.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.qnap.com/en/security-advisory/qsa-25-48mitre

News mentions

ZDI-26-201: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability
Zero Day Initiative · Mar 16, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000