QNAP has addressed seven zero-day vulnerabilities that were exploited during the Pwn2Own Ireland 2025 competition. These flaws affect the QTS and QuTS hero operating systems, as well as several applications, including Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync. The vulnerabilities, identified by their CVE numbers, were demonstrated by various teams at the event, highlighting significant security risks for QNAP’s network-attached storage (NAS) devices. To mitigate these risks, QNAP has released software updates for affected products. Users need to update their software to specific versions: Hyper Data Protector to 2.2.4.1 or later, Malware Remover to 6.6.8.20251023 or later, and HBS 3 Hybrid Backup Sync to 26.2.0.938 or later, among others. QNAP recommends that users change all passwords after updating to enhance security. The company also reiterated the importance of regular updates to protect against vulnerabilities. In addition to fixing the zero-day vulnerabilities, QNAP released QuMagie 2.7.0, which includes a patch for a critical SQL injection vulnerability that could allow remote attackers to execute unauthorized commands on affected devices. This follows last year's patching of two other zero-days found during the previous Pwn2Own event, indicating ongoing security concerns surrounding QNAP's products. Users are encouraged to stay informed about their product's support status to ensure they receive the latest security updates.