Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-30268

Summary
Assigner-qnap
Assigner Org ID-2fd009eb-170a-4625-932b-17a53af1051f
Published At-29 Aug, 2025 | 17:16
Updated At-29 Aug, 2025 | 18:23
Rejected At-
Credits

QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qnap
Assigner Org ID:2fd009eb-170a-4625-932b-17a53af1051f
Published At:29 Aug, 2025 | 17:16
Updated At:29 Aug, 2025 | 18:23
Rejected At:
â–¼CVE Numbering Authority (CNA)
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

Affected Products
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QTS
Default Status
unaffected
Versions
Affected
  • From 5.2.x before 5.2.5.3145 build 20250526 (custom)
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QuTS hero
Default Status
unaffected
Versions
Affected
  • From h5.2.x before h5.2.5.3138 build 20250519 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476
Type: CWE
CWE ID: CWE-476
Description: CWE-476
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-129CAPEC-129
CAPEC ID: CAPEC-129
Description: CAPEC-129
Solutions

We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

Configurations
Workarounds
Exploits
Credits
finder
coral
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qnap.com/en/security-advisory/qsa-25-21
N/A
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-25-21
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@qnapsecurity.com.tw
Published At:29 Aug, 2025 | 18:15
Updated At:02 Sep, 2025 | 15:55

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-476Primarysecurity@qnapsecurity.com.tw
CWE ID: CWE-476
Type: Primary
Source: security@qnapsecurity.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qnap.com/en/security-advisory/qsa-25-21security@qnapsecurity.com.tw
N/A
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-25-21
Source: security@qnapsecurity.com.tw
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

79Records found
CVE-2025-44008
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.32%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:09
Updated-08 Oct, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-47210
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.32%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:09
Updated-08 Oct, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-47207
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.61%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 15:16
Updated-14 Nov, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect several product versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-44010
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.32%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:09
Updated-08 Oct, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-44011
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.32%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:09
Updated-08 Oct, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-44009
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.32%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:09
Updated-08 Oct, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29873
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.71%
||
7 Day CHG+0.01%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29889
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:14
Updated-19 Sep, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30267
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:16
Updated-22 Sep, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30275
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:16
Updated-19 Sep, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30263
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:15
Updated-19 Sep, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29876
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.71%
||
7 Day CHG+0.01%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29879
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:06
Updated-18 Sep, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29878
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:06
Updated-18 Sep, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30262
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:15
Updated-19 Sep, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29886
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:14
Updated-18 Sep, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29888
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:14
Updated-19 Sep, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29877
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.71%
||
7 Day CHG+0.01%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29882
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:14
Updated-22 Sep, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29874
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG+0.02%
Published-29 Aug, 2025 | 17:04
Updated-18 Sep, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-22490
Matching Score-10
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-10
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.71%
||
7 Day CHG+0.01%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-37042
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.34% / 56.05%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 15:33
Updated-23 Sep, 2025 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-37048
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.35% / 56.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 15:32
Updated-23 Sep, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-37045
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.35% / 56.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 15:33
Updated-23 Sep, 2025 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32970
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 27.83%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 19:16
Updated-16 Sep, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero, QuTScloud

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2453 build 20230708 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqutscloudqtsQuTScloudQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-66274
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.2||LOW
EPSS-0.14% / 34.22%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:15
Updated-12 Feb, 2026 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroQuTS hero
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-62848
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.15% / 35.94%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 02:25
Updated-17 Dec, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsquts_heroQTSQuTS hero
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-58472
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.2||LOW
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:16
Updated-12 Feb, 2026 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-59386
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.2||LOW
EPSS-0.14% / 34.22%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:16
Updated-12 Feb, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroQuTS hero
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54147
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.05% / 14.95%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:18
Updated-12 Feb, 2026 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54148
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.05% / 14.95%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:18
Updated-12 Feb, 2026 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54146
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.05% / 14.95%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:18
Updated-12 Feb, 2026 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54163
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.2||LOW
EPSS-0.14% / 34.22%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:17
Updated-12 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52865
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.16% / 36.61%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 15:15
Updated-14 Nov, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52857
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 40.57%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:12
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52858
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 40.57%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:12
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53592
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.14% / 33.47%
||
7 Day CHG~0.00%
Published-02 Jan, 2026 | 14:56
Updated-05 Jan, 2026 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsquts_heroQTSQuTS hero
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53414
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.2||LOW
EPSS-0.14% / 34.03%
||
7 Day CHG~0.00%
Published-02 Jan, 2026 | 14:54
Updated-05 Jan, 2026 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsquts_heroQTSQuTS hero
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52859
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 40.57%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:12
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53590
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.2||LOW
EPSS-0.14% / 34.03%
||
7 Day CHG~0.00%
Published-02 Jan, 2026 | 14:55
Updated-05 Jan, 2026 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsquts_heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53596
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.2||LOW
EPSS-0.14% / 34.03%
||
7 Day CHG~0.00%
Published-02 Jan, 2026 | 14:56
Updated-05 Jan, 2026 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsquts_heroQTSQuTS hero
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-51368
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 40.45%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 16:26
Updated-11 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52860
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 40.57%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:12
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53589
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.2||LOW
EPSS-0.14% / 34.03%
||
7 Day CHG~0.00%
Published-02 Jan, 2026 | 14:55
Updated-05 Jan, 2026 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsquts_heroQTSQuTS hero
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53408
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.16% / 36.61%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 15:15
Updated-14 Nov, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52866
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 40.57%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:14
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52854
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 40.57%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:11
Updated-08 Oct, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsquts_heroQuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52862
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 40.57%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:14
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52855
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 40.57%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 18:11
Updated-06 Oct, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53598
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-0.6||LOW
EPSS-0.05% / 14.95%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 12:18
Updated-12 Feb, 2026 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsync_centralQsync Central
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • Next
Details not found