CVE-2025-52871
BaseFortify
Publication date: 2026-01-02
Last updated on: 2026-01-05
Assigner: QNAP Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | license_center | From 2.0.17 (inc) to 2.0.36 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52871 is an out-of-bounds read vulnerability in QNAP License Center. If a remote attacker gains access to a user account, they can exploit this flaw to read data outside the intended memory boundaries, allowing them to obtain secret data. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with a user account to access secret or sensitive data that they should not normally be able to see, potentially leading to data leakage or exposure of confidential information. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update QNAP License Center to version 2.0.36 or later. This can be done by logging into QTS or QuTS hero as an administrator, accessing the App Center, searching for "License Center," and applying the update if available. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.