{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T22:08:29.656","vulnerabilities":[{"cve":{"id":"CVE-2025-59388","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2026-03-12T02:15:58.223","lastModified":"2026-03-16T17:53:28.063","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access.\n\nWe have already fixed the vulnerability in the following version:\nHyper Data Protector 2.3.1.455 and later"},{"lang":"es","value":"Se ha informado que una vulnerabilidad de uso de contraseña codificada de forma rígida afecta a Hyper Data Protector. Los atacantes remotos pueden entonces explotar la vulnerabilidad para obtener acceso no autorizado.\n\nYa hemos corregido la vulnerabilidad en la siguiente versión:\nHyper Data Protector 2.3.1.455 y posteriores"}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Primary","description":[{"lang":"en","value":"CWE-259"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:hyper_data_protector:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0.284","versionEndExcluding":"2.3.1.455","matchCriteriaId":"E91C85D2-5E5A-47CF-B8D7-6734FA1E148A"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-25-48","source":"security@qnapsecurity.com.tw","tags":["Vendor Advisory"]}]}}]}