Main Vulnerability Database Vulnerabilities #VU124215

Improper restriction of communication channel to intended endpoints in QuRouter - CVE-2025-62843

Published: March 23, 2026

Vulnerability identifier: #VU124215

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-62843

CWE-ID: CWE-923

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: QNAP Systems, Inc.

Affected software:
QuRouter

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper restriction of communication channel to intended endpoints. An attacker with physical access can gain elevated privileges on the target system.

How to mitigate CVE-2025-62843

Install updates from vendor's website.

Sources

https://www.qnap.com/en/security-advisory/qsa-26-12

Improper restriction of communication channel to intended endpoints in QuRouter - CVE-2025-62843

Detailed vulnerability description

How to mitigate CVE-2025-62843

Sources

Please verify you're human