QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability

The critical-severity flaw allows attackers to smuggle HTTP requests and access sensitive data, modify server files, or cause DoS conditions. The post QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability appeared first on SecurityWeek.

Taiwan-based QNAP Systems says its NetBak PC Agent is potentially affected by a recently disclosed ASP.NET Core vulnerability that has the “highest ever” CVSS score for an issue in the open source web development framework.

Tracked as CVE-2025-55315 (CVSS score of 9.9), the bug is an HTTP request smuggling defect that allows attackers to bypass security controls over the network, or hijack other users’ credentials.

Microsoft patched the vulnerability on the October 2025 Patch Tuesday, warning that it could be exploited to leak sensitive information, tamper with file contents, or force a crash within the server.

The actual impact of the bug, .NET security program manager Barry Dorrans said, depends on how an application was built, and could allow attackers to log in as another user, bypass CSRF checks, make internal requests, and perform injection attacks.

According to QNAP, its NetBak PC Agent installs and depends on ASP.NET Core components during setup, which could result in a vulnerable version of the framework running on systems that have not been updated.

NetBak PC Agent is a Windows application that allows users to back up computer and server contents to a QNAP NAS system, and enables them to restore systems when needed.

Given the essential role the application plays in backup/restoration operations, successful exploitation of CVE-2025-55315 could have dire consequences, potentially allowing attackers to access backup data.

QNAP urges users to immediately apply the patches for ASP.NET Core, either by reinstalling the agent, or by manually downloading and installing the latest framework version.

The company makes no mention of the flaw being exploited against NetBak PC Agent users, but vulnerabilities affecting QNAP products have been popular targets for threat actors.
