Quts Hero
CVE-2025-57705
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
AnalysisAI
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1...
Technical ContextAI
This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) affects Quts Hero. An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.32
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high sever
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical
Symlink following vulnerability in multiple QNAP NAS operating system versions allows remote attackers to exploit link r
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. Rated criti
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8),
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8),
High-severity information disclosure flaw in QNAP QTS NAS operating system versions 5.2.0 through 5.2.7.3256 build 20250
Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remot
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high sev
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system ver
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system ver
Share
External POC / Exploit Code
Leaving vuln.today