Quts Hero
CVE-2025-59386
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later
AnalysisAI
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]
Technical ContextAI
Classified as CWE-476 (NULL Pointer Dereference). Affects Quts Hero. A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high sever
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical
Symlink following vulnerability in multiple QNAP NAS operating system versions allows remote attackers to exploit link r
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. Rated criti
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8),
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. Rated critical severity (CVSS 9.8),
High-severity information disclosure flaw in QNAP QTS NAS operating system versions 5.2.0 through 5.2.7.3256 build 20250
Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remot
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high sev
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system ver
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system ver
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today