Unrated severityNVD Advisory· Published Jan 2, 2026· Updated Jan 2, 2026

Hyper Data Protector

CVE-2025-59389

Description

An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.

We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later

Affected products

QNAP Systems Inc./Hyper Data Protectorv5
Range: 2.2.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.qnap.com/en/security-advisory/qsa-25-48mitre

News mentions

ZDI-26-202: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability
Zero Day Initiative · Mar 16, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000