Saturday, January 3, 2026

Review – Public ICS Disclosures – Week of 12-27-25

Starting out the New Year with a light disclosure week. First, we have bulk disclosures from QNAP (7). Finally, we have three vendor disclosures from Moxa (2) and VMware.

Bulk Disclosures – QNAP

Vulnerability in QuMagie,

Multiple Vulnerabilities in QTS and QuTS hero,

Multiple Vulnerabilities in QTS and QuTS hero,  

Multiple Vulnerabilities in License Center,  

Vulnerability in MARS (Multi-Application Recovery Service),

Vulnerability in Qfiling, and

Vulnerability in Qfinder Pro, Qsync, and QVPN Device Client (for Mac).  

Advisories

Moxa Advisory #1 - Moxa published an advisory that describes an active debug code vulnerability in their NPort 5000 Series servers.

Moxa Advisory #2 - Moxa published an advisory that describes two vulnerabilities in their NPort 6100-G2/6200-G2 Series products.

VMware Advisory - Broadcom published an advisory that discusses twelve vulnerabilities in their VMware Tanzu Greenplum Backup.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-81f - subscription required.
