Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-47205

Summary
Assigner-qnap
Assigner Org ID-2fd009eb-170a-4625-932b-17a53af1051f
Published At-11 Feb, 2026 | 12:19
Updated At-11 Feb, 2026 | 14:33
Rejected At-
Credits

QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qnap
Assigner Org ID:2fd009eb-170a-4625-932b-17a53af1051f
Published At:11 Feb, 2026 | 12:19
Updated At:11 Feb, 2026 | 14:33
Rejected At:
â–¼CVE Numbering Authority (CNA)
QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

Affected Products
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QTS
Default Status
unaffected
Versions
Affected
  • From 5.2.x before 5.2.8.3332 build 20251128 (custom)
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QuTS hero
Default Status
unaffected
Versions
Affected
  • From h5.2.x before h5.2.8.3321 build 20251117 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476
Type: CWE
CWE ID: CWE-476
Description: CWE-476
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-129CAPEC-129
CAPEC ID: CAPEC-129
Description: CAPEC-129
Solutions

We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

Configurations
Workarounds
Exploits
Credits
finder
coral
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qnap.com/en/security-advisory/qsa-26-05
N/A
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-26-05
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@qnapsecurity.com.tw
Published At:11 Feb, 2026 | 13:15
Updated At:27 Feb, 2026 | 12:59

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CPE Matches
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2737
cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2744
cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2782
cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2802
cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2823
cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2851
cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.0.2860
cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.1.2930
cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.2.2950
cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.3.3006
cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.4.3070
cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.4.3079
cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.4.3092
cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.5.3145
cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.6.3195
cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.6.3229
cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.7.3256
cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.2.7.3297
cpe:2.3:o:qnap:qts:5.2.7.3297:build_20251024:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2737
cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2782
cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2789
cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2802
cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2823
cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2851
cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.0.2860
cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.1.2929
cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.1.2940
cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.2.2952
cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.3.3006
cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.4.3070
cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.4.3079
cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.5.3138
cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.6.3195
cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.7.3256
cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.2.7.3297
cpe:2.3:o:qnap:quts_hero:h5.2.7.3297:build_20251024:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarysecurity@qnapsecurity.com.tw
CWE ID: CWE-476
Type: Primary
Source: security@qnapsecurity.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qnap.com/en/security-advisory/qsa-26-05security@qnapsecurity.com.tw
Vendor Advisory
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-26-05
Source: security@qnapsecurity.com.tw
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

108Records found
CVE-2026-33600
Matching Score-4
Assigner-Open-Xchange
ShareView Details
Matching Score-4
Assigner-Open-Xchange
CVSS Score-4.4||MEDIUM
EPSS-0.00% / 0.09%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 09:33
Updated-27 Apr, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference in RPZ transfer

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

Action-Not Available
Vendor-powerdnsPowerDNS
Product-recursorRecursor
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-0401
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.36% / 58.04%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 14:55
Updated-26 Feb, 2026 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz370tz480nssp_15700tz570tz270tz80nsa_4700tz470wnsa_2800nsa_3700tz670tz470nssp_13700nssp_10700nsa_5700nsa_2700nsv470tz570wnsa_4800tz680tz270wnsa_6700nsv870nsv270nsa_5800tz580tz280sonicostz570pnsa_3800tz380nssp_11700tz370wSonicOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-64169
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.08% / 24.61%
||
7 Day CHG~0.00%
Published-21 Nov, 2025 | 18:39
Updated-02 Dec, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wazuh NULL pointer dereference in fim_alert line 666

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fim_alert() implementation does not check whether oldsum->md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. This issue has been patched in version 4.12.0.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuhwazuh
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-2487
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.08% / 24.18%
||
7 Day CHG~0.00%
Published-18 Mar, 2025 | 16:25
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: null pointer dereference leads to denial of service

A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9Red Hat Directory Server 12.4 EUS for RHEL 9Red Hat Directory Server 12Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-8402
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.15% / 35.98%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 17:01
Updated-01 Oct, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nil pointer dereference in bulk import crashes server

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-11499
Matching Score-4
Assigner-Hitachi Energy
ShareView Details
Matching Score-4
Assigner-Hitachi Energy
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 40.17%
||
7 Day CHG+0.07%
Published-25 Mar, 2025 | 12:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-RTU500
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-1995
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.32% / 55.31%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 19:07
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Management server rasmgr denial of service

A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue affects: PAN-OS 9.1 versions earlier than 9.1.2.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-12514
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.6||MEDIUM
EPSS-0.45% / 64.03%
||
7 Day CHG~0.00%
Published-22 Jan, 2021 | 19:01
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pepper+Fuchs Comtrol IO-Link Master NULL Pointer Dereference

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd

Action-Not Available
Vendor-pepperl-fuchsPepper+Fuchs
Product-io-link_master_dr-8-eip_firmwareio-link_master_dr-8-pnio-p_firmwareio-link_master_dr-8-pnio-tio-link_master_dr-8-eipio-link_master_dr-8-eip-t_firmwareio-link_master_4-eip_firmwareio-link_master_dr-8-eip-p_firmwareio-link_master_4-pnioio-link_master_8-pnio-lio-link_master_8-pnio-l_firmwareio-link_master_4-pnio_firmwareio-link_master_dr-8-pnio-t_firmwareio-link_master_4-eipio-link_master_8-eip-lio-link_master_8-pnio_firmwareio-link_master_8-eip_firmwareio-link_master_8-eip-l_firmwareio-link_master_dr-8-pnio-pio-link_master_dr-8-eip-pio-link_master_8-pnioio-link_master_8-eipio-link_master_dr-8-pnio_firmwareio-link_master_dr-8-eip-tio-link_master_dr-8-pnioComtrol IO-Link Master
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found