Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later and later
Analysis
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later and later
Technical ContextAI
A NULL pointer dereference occurs when the application attempts to use a pointer that has not been initialized or has been set to NULL.
RemediationAI
Add NULL checks before pointer dereference operations. Use static analysis to identify potential NULL pointer issues. Enable compiler warnings.
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high sever
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical
Symlink following vulnerability in multiple QNAP NAS operating system versions allows remote attackers to exploit link r
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. Rated criti
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8),
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8),
High-severity information disclosure flaw in QNAP QTS NAS operating system versions 5.2.0 through 5.2.7.3256 build 20250
Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remot
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high sev
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system ver
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system ver
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-32457