CVE-2025-57705

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2026-01-02

Last updated on: 2026-01-05

Assigner: QNAP Systems, Inc.

Description

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-01-02

Last Modified

2026-01-05

Generated

2026-05-27

AI Q&A

2026-01-02

EPSS Evaluated

2026-05-25

NVD

CVE-2025-57705

Affected Vendors & Products

Vendor	Product	Version / Range
qnap	quts_hero	h5.2.0.2737
qnap	quts_hero	h5.2.0.2782
qnap	quts_hero	h5.2.0.2789
qnap	quts_hero	h5.2.0.2802
qnap	quts_hero	h5.2.0.2823
qnap	quts_hero	h5.2.0.2851
qnap	quts_hero	h5.2.0.2860
qnap	quts_hero	h5.2.1.2929
qnap	quts_hero	h5.2.1.2940
qnap	quts_hero	h5.2.2.2952
qnap	quts_hero	h5.2.3.3006
qnap	quts_hero	h5.2.4.3070
qnap	quts_hero	h5.2.4.3079
qnap	quts_hero	h5.2.5.3138
qnap	quts_hero	h5.2.6.3195
qnap	quts_hero	h5.3.0.3115
qnap	quts_hero	h5.3.0.3145
qnap	quts_hero	h5.3.0.3192
qnap	qts	5.2.0.2737
qnap	qts	5.2.0.2744
qnap	qts	5.2.0.2782
qnap	qts	5.2.0.2802
qnap	qts	5.2.0.2823
qnap	qts	5.2.0.2851
qnap	qts	5.2.0.2860
qnap	qts	5.2.1.2930
qnap	qts	5.2.2.2950
qnap	qts	5.2.3.3006
qnap	qts	5.2.4.3070
qnap	qts	5.2.4.3079
qnap	qts	5.2.4.3092
qnap	qts	5.2.5.3145
qnap	qts	5.2.6.3195
qnap	qts	5.2.6.3229

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-770	The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability involves allocation of resources without limits or throttling in several QNAP operating system versions. A remote attacker who gains an administrator account can exploit this flaw to prevent other systems, applications, or processes from accessing the same type of resource, effectively causing a denial of service or resource starvation.

How can this vulnerability impact me? :

If exploited, this vulnerability can allow an attacker with administrator access to monopolize certain system resources, preventing other systems, applications, or processes from accessing them. This can lead to degraded system performance, denial of service, or disruption of normal operations.

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, immediately update your QNAP operating system to one of the fixed versions: QTS 5.2.7.3256 build 20250913 or later, QuTS hero h5.2.7.3256 build 20250913 or later, or QuTS hero h5.3.1.3250 build 20250912 or later. Additionally, restrict administrator account access to trusted users only to prevent exploitation.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-57705

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart