Microsoft disclosed a critical vulnerability (CVE-2025-55315) in ASP.NET Core related to HTTP Request Smuggling, which affects QNAP’s NetBak PC Agent used for backing up data. This flaw enables authenticated attackers to craft malicious HTTP requests that can lead to unauthorized access and modifications of sensitive data. As per QNAP, systems reliant on outdated .NET components are particularly vulnerable, especially those running versions of ASP.NET Core prior to 8.0.21. The potential for insider threats increases the urgency of addressing this vulnerability, considering its ability to bypass essential security controls.
QNAP has issued guidance for users to promptly verify and update their systems. This involves uninstalling the current version of NetBak PC Agent and downloading the latest version from QNAP’s official site. Alternatively, users can install the latest ASP.NET Core Runtime Hosting Bundle manually, ensuring that their systems are secure. As cybersecurity threats become increasingly sophisticated, the ongoing nature of this investigation by QNAP highlights the importance of vigilant patch management within software ecosystems to mitigate risks associated with vulnerabilities like this one.
👉 Pročitaj original: Cyber Security News
