QNAP has patched four vulnerabilities exploited Pwn20wn.

QNAP released patches addressing four security flaws in its SD‑WAN routers that were exploited during the Pwn2Own Ireland 2025 competition. The vulnerabilities, tracked as CVE‑2025‑62843 through CVE‑2025‑62846, allowed attackers to access sensitive information, execute code, or cause unexpected behavior. Team DDOS demonstrated exploitation of these issues by chaining multiple bugs to gain root privileges during the contest. QNAP also released additional updates for other products, including fixes for QuNetSwitch, QVR Pro, and media services, though none were reported as exploited in the wild.

Read more:

https://www.securityweek.com/qnap-patches-four-vulnerabilities-exploited-at-pwn2own/