CVE-2025-47208

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2026-01-02

Last updated on: 2026-01-05

Assigner: QNAP Systems, Inc.

Description

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-01-02

Last Modified

2026-01-05

Generated

2026-05-07

AI Q&A

2026-01-02

EPSS Evaluated

2026-05-05

NVD

CVE-2025-47208

Affected Vendors & Products

Vendor	Product	Version / Range
qnap	quts_hero	h5.2.0.2737
qnap	quts_hero	h5.2.0.2782
qnap	quts_hero	h5.2.0.2789
qnap	quts_hero	h5.2.0.2802
qnap	quts_hero	h5.2.0.2823
qnap	quts_hero	h5.2.0.2851
qnap	quts_hero	h5.2.0.2860
qnap	quts_hero	h5.2.1.2929
qnap	quts_hero	h5.2.1.2940
qnap	quts_hero	h5.2.2.2952
qnap	quts_hero	h5.2.3.3006
qnap	quts_hero	h5.2.4.3070
qnap	quts_hero	h5.2.4.3079
qnap	quts_hero	h5.2.5.3138
qnap	quts_hero	h5.2.6.3195
qnap	quts_hero	h5.3.0.3115
qnap	quts_hero	h5.3.0.3145
qnap	quts_hero	h5.3.0.3192
qnap	qts	5.2.0.2737
qnap	qts	5.2.0.2744
qnap	qts	5.2.0.2782
qnap	qts	5.2.0.2802
qnap	qts	5.2.0.2823
qnap	qts	5.2.0.2851
qnap	qts	5.2.0.2860
qnap	qts	5.2.1.2930
qnap	qts	5.2.2.2950
qnap	qts	5.2.3.3006
qnap	qts	5.2.4.3070
qnap	qts	5.2.4.3079
qnap	qts	5.2.4.3092
qnap	qts	5.2.5.3145
qnap	qts	5.2.6.3195
qnap	qts	5.2.6.3229

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-770	The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability involves the allocation of resources without limits or throttling in several QNAP operating system versions. A remote attacker who gains a user account can exploit this flaw to prevent other systems, applications, or processes from accessing the same type of resource.

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, immediately update your QNAP operating system to version QTS 5.2.6.3195 build 20250715 or later, or QuTS hero h5.2.6.3195 build 20250715 or later, where the vulnerability has been fixed. Additionally, restrict remote user account access to trusted users only to reduce the risk of exploitation.

How can this vulnerability impact me? :

The vulnerability can allow an attacker with a user account to exhaust or monopolize certain system resources, thereby preventing other systems, applications, or processes from accessing those resources. This can lead to denial of service or degraded performance.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-47208

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart