CVE-2025-52864
BaseFortify
Publication date: 2026-01-02
Last updated on: 2026-01-05
Assigner: QNAP Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | quts_hero | h5.2.0.2737 |
| qnap | quts_hero | h5.2.0.2782 |
| qnap | quts_hero | h5.2.0.2789 |
| qnap | quts_hero | h5.2.0.2802 |
| qnap | quts_hero | h5.2.0.2823 |
| qnap | quts_hero | h5.2.0.2851 |
| qnap | quts_hero | h5.2.0.2860 |
| qnap | quts_hero | h5.2.1.2929 |
| qnap | quts_hero | h5.2.1.2940 |
| qnap | quts_hero | h5.2.2.2952 |
| qnap | quts_hero | h5.2.3.3006 |
| qnap | quts_hero | h5.2.4.3070 |
| qnap | quts_hero | h5.2.4.3079 |
| qnap | quts_hero | h5.2.5.3138 |
| qnap | quts_hero | h5.2.6.3195 |
| qnap | quts_hero | h5.3.0.3115 |
| qnap | quts_hero | h5.3.0.3145 |
| qnap | quts_hero | h5.3.0.3192 |
| qnap | qts | 5.2.0.2737 |
| qnap | qts | 5.2.0.2744 |
| qnap | qts | 5.2.0.2782 |
| qnap | qts | 5.2.0.2802 |
| qnap | qts | 5.2.0.2823 |
| qnap | qts | 5.2.0.2851 |
| qnap | qts | 5.2.0.2860 |
| qnap | qts | 5.2.1.2930 |
| qnap | qts | 5.2.2.2950 |
| qnap | qts | 5.2.3.3006 |
| qnap | qts | 5.2.4.3070 |
| qnap | qts | 5.2.4.3079 |
| qnap | qts | 5.2.4.3092 |
| qnap | qts | 5.2.5.3145 |
| qnap | qts | 5.2.6.3195 |
| qnap | qts | 5.2.6.3229 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in several QNAP operating system versions. A remote attacker who has gained a user account can exploit this flaw to modify memory or cause processes to crash.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with a user account to alter memory contents or crash system processes, potentially leading to system instability or unauthorized behavior.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update your QNAP operating system to one of the fixed versions: QTS 5.2.7.3256 build 20250913 or later, QuTS hero h5.2.7.3256 build 20250913 or later, or QuTS hero h5.3.0.3192 build 20250716 or later. Additionally, restrict remote user account access to trusted users only to reduce the risk of exploitation.