CVE-2025-48725
Buffer Overflow in QNAP OS Allows Remote Memory Manipulation
Publication date: 2026-02-11
Last updated on: 2026-02-11
Assigner: QNAP Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | qts | 5.2.0.2737 |
| qnap | qts | 5.2.0.2744 |
| qnap | qts | 5.2.0.2782 |
| qnap | qts | 5.2.0.2802 |
| qnap | qts | 5.2.0.2823 |
| qnap | qts | 5.2.0.2851 |
| qnap | qts | 5.2.0.2860 |
| qnap | qts | 5.2.1.2930 |
| qnap | qts | 5.2.2.2950 |
| qnap | qts | 5.2.3.3006 |
| qnap | qts | 5.2.4.3070 |
| qnap | qts | 5.2.4.3079 |
| qnap | qts | 5.2.4.3092 |
| qnap | qts | 5.2.5.3145 |
| qnap | qts | 5.2.6.3195 |
| qnap | qts | 5.2.6.3229 |
| qnap | qts | 5.2.7.3256 |
| qnap | qts | 5.2.7.3297 |
| qnap | qts | 5.2.8.3332 |
| qnap | quts_hero | h5.2.0.2737 |
| qnap | quts_hero | h5.2.0.2782 |
| qnap | quts_hero | h5.2.0.2789 |
| qnap | quts_hero | h5.2.0.2802 |
| qnap | quts_hero | h5.2.0.2823 |
| qnap | quts_hero | h5.2.0.2851 |
| qnap | quts_hero | h5.2.0.2860 |
| qnap | quts_hero | h5.2.1.2929 |
| qnap | quts_hero | h5.2.1.2940 |
| qnap | quts_hero | h5.2.2.2952 |
| qnap | quts_hero | h5.2.3.3006 |
| qnap | quts_hero | h5.2.4.3070 |
| qnap | quts_hero | h5.2.4.3079 |
| qnap | quts_hero | h5.2.5.3138 |
| qnap | quts_hero | h5.2.6.3195 |
| qnap | quts_hero | h5.2.7.3256 |
| qnap | quts_hero | h5.2.7.3297 |
| qnap | quts_hero | h5.2.8.3321 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow issue affecting several versions of the QNAP operating system. It allows a remote attacker who has gained a user account to exploit the vulnerability to modify memory or cause processes to crash.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with a user account to alter memory contents or crash system processes, potentially leading to system instability or unauthorized behavior.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update your QNAP operating system to QuTS hero version h5.3.2.3354 build 20251225 or later, where the vulnerability has been fixed.