CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
Description
A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. Remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later.
Analysis
A stack-based buffer overflow vulnerability exists in QNAP Media Streaming Add-On that allows remote attackers to corrupt memory or crash the affected process. All versions prior to 500.1.1 are vulnerable, and the attack requires no authentication or user interaction. While no CVSS score or EPSS data is currently available, the presence of a confirmed patch and the critical nature of buffer overflow vulnerabilities in media processing software suggest this warrants immediate patching.
Technical Context
The vulnerability is classified as CWE-121 (Stack-based Buffer Overflow), a classic memory safety issue where untrusted input exceeds allocated stack buffer boundaries in the Media Streaming Add-On service. The affected component is identified via CPE as cpe:2.3:a:qnap_systems_inc.:media_streaming_add-on:*:*:*:*:*:*:*:*, indicating the entire product line across all versions below 500.1.1 is vulnerable. Media streaming applications typically process various file formats and network protocols, making them common targets for buffer overflow exploitation due to the complexity of media codec parsing and protocol handling.
Affected Products
QNAP Media Streaming Add-On versions prior to 500.1.1 are affected, as confirmed by CPE cpe:2.3:a:qnap_systems_inc.:media_streaming_add-on:*:*:*:*:*:*:*:*. The vulnerability impacts all installations running versions below 500.1.1. Detailed version information and affected device models are available in the QNAP security advisory at https://www.qnap.com/en/security-advisory/qsa-26-09.
Remediation
Upgrade QNAP Media Streaming Add-On to version 500.1.1 or later immediately via the QNAP management interface or official firmware update channels. Consult the security advisory at https://www.qnap.com/en/security-advisory/qsa-26-09 for specific device model update procedures. Until patching is completed, restrict network access to the Media Streaming Add-On service to trusted internal networks only using firewall rules, and disable the service if it is not in active use. Monitor system logs for unexpected crashes or suspicious network connections to the streaming service.
EUVD-2025-208893