Vulnerability Details CVE-2025-44015
A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
HybridDesk Station 4.2.18 and later
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.5%
CVSS Severity
CVSS v3 Score 8.4
Products affected by CVE-2025-44015
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.0
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.1
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.10
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.11
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.12
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.13
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.14
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.15
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.16
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.17
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.2
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.3
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.4
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.5
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.6
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.7
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.8
-
cpe:2.3:a:qnap:hybriddesk_station:4.2.9