Skip to main content

Quts Hero CVE-2025-48721

MEDIUM
Classic Buffer Overflow (CWE-120)
2026-01-02 security@qnapsecurity.com.tw
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 02, 2026 - 16:16 nvd
MEDIUM 6.5

DescriptionCVE.org

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.

We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later

AnalysisAI

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Technical ContextAI

Classified as CWE-120 (Classic Buffer Overflow). Affects Qts. A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.

We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

CVE-2023-39296 HIGH POC
7.5 Jan 05

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high sever

CVE-2024-32766 CRITICAL
10.0 Apr 26

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical

CVE-2025-66277 CRITICAL
9.8 Feb 11

Symlink following vulnerability in multiple QNAP NAS operating system versions allows remote attackers to exploit link r

CVE-2024-21899 CRITICAL POC
9.8 Mar 08

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. Rated criti

CVE-2023-23368 CRITICAL
9.8 Nov 03

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical

CVE-2021-28804 CRITICAL
9.8 Jul 01

A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8),

CVE-2021-28802 CRITICAL
9.8 Jul 01

A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8),

CVE-2025-66276 CRITICAL
9.2 Jun 10

High-severity information disclosure flaw in QNAP QTS NAS operating system versions 5.2.0 through 5.2.7.3256 build 20250

CVE-2025-22481 HIGH
8.8 Jun 06

Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remot

CVE-2024-21898 HIGH
8.8 Sep 06

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high sev

CVE-2024-27130 HIGH
8.8 May 21

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system ver

CVE-2024-27129 HIGH
8.8 May 21

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system ver

Share

CVE-2025-48721 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy