CVE-2025-48721
BaseFortify
Publication date: 2026-01-02
Last updated on: 2026-01-06
Assigner: QNAP Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | qts | 5.2.0.2737 |
| qnap | qts | 5.2.0.2744 |
| qnap | qts | 5.2.0.2782 |
| qnap | qts | 5.2.0.2802 |
| qnap | qts | 5.2.0.2823 |
| qnap | qts | 5.2.0.2851 |
| qnap | qts | 5.2.0.2860 |
| qnap | qts | 5.2.1.2930 |
| qnap | qts | 5.2.2.2950 |
| qnap | qts | 5.2.3.3006 |
| qnap | qts | 5.2.4.3070 |
| qnap | qts | 5.2.4.3079 |
| qnap | qts | 5.2.4.3092 |
| qnap | qts | 5.2.5.3145 |
| qnap | qts | 5.2.6.3195 |
| qnap | qts | 5.2.6.3229 |
| qnap | qts | 5.2.7.3256 |
| qnap | qts | 5.2.7.3297 |
| qnap | quts_hero | h5.2.0.2737 |
| qnap | quts_hero | h5.2.0.2782 |
| qnap | quts_hero | h5.2.0.2789 |
| qnap | quts_hero | h5.2.0.2802 |
| qnap | quts_hero | h5.2.0.2823 |
| qnap | quts_hero | h5.2.0.2851 |
| qnap | quts_hero | h5.2.0.2860 |
| qnap | quts_hero | h5.2.1.2929 |
| qnap | quts_hero | h5.2.1.2940 |
| qnap | quts_hero | h5.2.2.2952 |
| qnap | quts_hero | h5.2.3.3006 |
| qnap | quts_hero | h5.2.4.3070 |
| qnap | quts_hero | h5.2.4.3079 |
| qnap | quts_hero | h5.2.5.3138 |
| qnap | quts_hero | h5.2.6.3195 |
| qnap | quts_hero | h5.2.7.3256 |
| qnap | quts_hero | h5.2.7.3297 |
| qnap | quts_hero | h5.3.0.3115 |
| qnap | quts_hero | h5.3.0.3145 |
| qnap | quts_hero | h5.3.0.3192 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in several QNAP operating system versions. If a remote attacker obtains an administrator account, they can exploit this flaw to modify memory or cause processes to crash.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with administrator access to alter memory contents or crash system processes, potentially leading to system instability or unauthorized actions.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update your QNAP operating system to version QTS 5.2.8.3332 build 20251128 or later, where the vulnerability has been fixed.