Is there a patch available for CVE-2025-66280?

Yes, a patch is available for CVE-2025-66280. Update the affected software to the latest version immediately.

QNAP QTS CVE-2025-66280

Q: What is the CVSS score of CVE-2025-66280?

CVE-2025-66280 has a CVSS 4.0 base score of 5.1 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2025-210101 MEDIUM

Integer Overflow or Wraparound (CWE-190)

2026-06-10 qnap

GHSA-25q9-p4j4-6rj7

Qnap Integer Overflow Buffer Overflow

5.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.1 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 10, 2026 - 06:26 vuln.today

Patch available

Jun 10, 2026 - 05:01 EUVD

CVSS changed

Jun 10, 2026 - 04:22 NVD

5.1 (MEDIUM)

CVE Published

Jun 10, 2026 - 03:05 nvd

UNKNOWN (no severity yet)

DescriptionNVD

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system.

We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later

AnalysisAI

Integer overflow (CWE-190) in QNAP QTS and QuTS hero NAS operating systems allows a remote attacker who has already obtained an administrator account to further compromise system integrity and availability. Affected versions span QTS 5.2.x and QuTS hero h5.2.x through h6.0.x; QNAP released patched builds in February and May 2026. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the mandatory prerequisite of administrator-level access materially constrains real-world exploitability.

Technical ContextAI

The vulnerability is classified as CWE-190 (Integer Overflow or Wraparound), a class of memory-corruption bugs where arithmetic on integer values exceeds the type's storage bounds, producing unexpected values that can corrupt heap or stack memory, bypass length checks, or trigger out-of-bounds writes. It affects two QNAP NAS operating system product lines: QTS (CPE cpe:2.3:a:qnap_systems_inc.:qts) and QuTS hero (CPE cpe:2.3:a:qnap_systems_inc.:quts_hero). QuTS hero is QNAP's ZFS-based enterprise NAS OS, while QTS is the standard NAS platform. Tags in the intelligence data also flag 'Buffer Overflow', suggesting the integer overflow can be chained into a buffer overflow condition - a common secondary effect of CWE-190 - which would explain the integrity and availability impacts reflected in the CVSS vector.

RemediationAI

The primary fix is to upgrade to one of QNAP's patched releases: QTS 5.2.9.3410 build 20260214 or later, QuTS hero h5.2.9.3410 build 20260214 or later, QuTS hero h5.3.4.3500 build 20260520 or later, or QuTS hero h6.0.0.3397 build 20260206 or later. Updates are available through the QNAP QTS/QuTS hero control panel under System > Firmware Update or via the QNAP advisory at https://www.qnap.com/en/security-advisory/qsa-26-10. As a compensating control, organizations should enforce the principle of least privilege on QNAP administrator accounts and disable remote administrator access (HTTPS/SSH) from untrusted networks or the public internet, since exploitation requires an administrator credential - eliminating exposure of admin interfaces to external networks removes the network vector entirely. Enabling two-factor authentication on administrator accounts raises the bar for credential compromise, which is the prerequisite step. Side effect of restricting remote admin access: legitimate remote management workflows will require VPN or jump-host access instead.

More from same product – last 7 days

CVE-2026-41539 HIGH This Week

8.7 Jun 09

Cross-site scripting in QNAP QTS and QuTS hero operating systems allows remote attackers to bypass security mechanisms a

CVE-2025-66273 HIGH This Week

8.6 Jun 10

Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows a remote attacker who has already

CVE-2025-66279 HIGH This Week

8.6 Jun 10

Authenticated command injection in QNAP QTS and QuTS hero allows a remote attacker holding administrator credentials to

CVE-2026-22893 HIGH This Week

8.6 Jun 10

Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows attackers with administrator cred

CVE-2026-24719 HIGH This Week

8.6 Jun 10

Authenticated command injection in QNAP QTS and QuTS hero NAS operating systems allows an attacker who already holds an

CVE-2025-66280 vulnerability details – vuln.today

Back

QNAP QTS CVE-2025-66280

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code