Quts Hero
CVE-2025-48725
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later
AnalysisAI
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]
Technical ContextAI
Classified as CWE-120 (Classic Buffer Overflow). Affects Qts. A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high sever
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical
Symlink following vulnerability in multiple QNAP NAS operating system versions allows remote attackers to exploit link r
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. Rated criti
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8),
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8),
High-severity information disclosure flaw in QNAP QTS NAS operating system versions 5.2.0 through 5.2.7.3256 build 20250
Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remot
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high sev
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system ver
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system ver
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today