QNAP warns of critical ASP.NET flaw in its Windows backup software www.bleepingcomputer.com/news/secu…
QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company’s NetBak PC Agent, a Windows utility for backing up data to a QNAP network-attached storage (NAS) device.
Tracked as CVE-2025-55315, this security bypass flaw was found in the Kestrel ASP.NET Core web server and enables attackers with low privileges to hijack other users' credentials or bypass front-end security controls via HTTP request smuggling.
“NetBak PC Agent installs and depends on Microsoft ASP.NET Core components during setup. Therefore, computers running NetBak PC Agent may contain an affected version of ASP.NET Core if the system has not been updated,” QNAP said.
