A security vulnerability has emerged affecting QNAP’s NetBak PC Agent software through a critical flaw in Microsoft ASP.NET Core.
The vulnerability, tracked as CVE-2025-55315, exploits HTTP Request Smuggling techniques to bypass essential security controls and could expose thousands of backup-dependent systems to unauthorized access and data manipulation.
With a CVSS score of 8.1, this flaw represents a direct threat to organizations relying on NetBak PC Agent for data protection and system backup integrity.
https://cyberpress.org/critical-qnap-net-vulnerability/