CVE-2025-62848

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.7.3297 build 20251024 QNAP QuTS hero h5.2.7 versions prior to 5.2.7.3297 build 20251024 QNAP QuTS hero h5.3.1 versions prior to 5.3.1.3292 build 20251024

Description A flaw exists due to a NULL pointer dereference. This can allow a remote attacker to cause a denial-of-service (DoS) condition.

Recommendations Update QTS to version 5.2.7.3297 build 20251024 or later. Update QuTS hero h5.2.7 to version 5.2.7.3297 build 20251024 or later. Update QuTS hero h5.3.1 to version 5.3.1.3292 build 20251024 or later.

Fix

RCE

DoS

Use After Free

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-476

Related Identifiers

BDU:2025-16031

CVE-2025-62848

ZDI-26-199

Affected Products

Qnap Qts

Qnap Quts Hero H5.2.7

Qnap Quts Hero H5.3.1

CVE-2025-62848

Weakness Enumeration

Related Identifiers

Affected Products

References · 13