CVE-2025-62852
BaseFortify
Publication date: 2026-01-02
Last updated on: 2026-01-06
Assigner: QNAP Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | qts | 5.2.0.2737 |
| qnap | qts | 5.2.0.2744 |
| qnap | qts | 5.2.0.2782 |
| qnap | qts | 5.2.0.2802 |
| qnap | qts | 5.2.0.2823 |
| qnap | qts | 5.2.0.2851 |
| qnap | qts | 5.2.0.2860 |
| qnap | qts | 5.2.1.2930 |
| qnap | qts | 5.2.2.2950 |
| qnap | qts | 5.2.3.3006 |
| qnap | qts | 5.2.4.3070 |
| qnap | qts | 5.2.4.3079 |
| qnap | qts | 5.2.4.3092 |
| qnap | qts | 5.2.5.3145 |
| qnap | qts | 5.2.6.3195 |
| qnap | qts | 5.2.6.3229 |
| qnap | qts | 5.2.7.3256 |
| qnap | qts | 5.2.7.3297 |
| qnap | quts_hero | h5.2.0.2737 |
| qnap | quts_hero | h5.2.0.2782 |
| qnap | quts_hero | h5.2.0.2789 |
| qnap | quts_hero | h5.2.0.2802 |
| qnap | quts_hero | h5.2.0.2823 |
| qnap | quts_hero | h5.2.0.2851 |
| qnap | quts_hero | h5.2.0.2860 |
| qnap | quts_hero | h5.2.1.2929 |
| qnap | quts_hero | h5.2.1.2940 |
| qnap | quts_hero | h5.2.2.2952 |
| qnap | quts_hero | h5.2.3.3006 |
| qnap | quts_hero | h5.2.4.3070 |
| qnap | quts_hero | h5.2.4.3079 |
| qnap | quts_hero | h5.2.5.3138 |
| qnap | quts_hero | h5.2.6.3195 |
| qnap | quts_hero | h5.2.7.3256 |
| qnap | quts_hero | h5.2.7.3297 |
| qnap | quts_hero | h5.3.0.3115 |
| qnap | quts_hero | h5.3.0.3145 |
| qnap | quts_hero | h5.3.0.3192 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in several QNAP operating system versions. If a remote attacker obtains an administrator account, they can exploit this vulnerability to modify memory or cause processes to crash.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with administrator access to alter memory contents or crash system processes, potentially leading to system instability or unauthorized actions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update your QNAP operating system to version QTS 5.2.8.3332 build 20251128 or later, where the vulnerability has been fixed. Additionally, restrict administrator account access to trusted users only to prevent remote attackers from gaining such access.