PT-2026-1079 · Qnap · Qnap+1
Coral
·
Published
2026-01-02
·
Updated
2026-01-02
·
CVE-2025-53414
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
QNAP versions prior to 5.2.7.3256 build 20250913
QNAP QuTS hero versions prior to 5.2.7.3256 build 20250913
QNAP QuTS hero versions prior to 5.3.1.3250 build 20250912
Description
A NULL pointer dereference issue exists in QNAP operating systems. A remote attacker gaining administrator account access can exploit this to initiate a denial-of-service (DoS) attack. A NULL pointer dereference occurs when a program attempts to access a memory location that has not been assigned a valid value, leading to unpredictable behavior or program crashes.
Recommendations
Update QNAP to version 5.2.7.3256 build 20250913 or later.
Update QNAP QuTS hero to version 5.2.7.3256 build 20250913 or later.
Update QNAP QuTS hero to version 5.3.1.3250 build 20250912 or later.
Fix
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qnap
Quts Hero