Severity by source
CVSS vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (NVD)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3459 build 20260409 and later
Analysis (AI)
A NULL pointer dereference in the QNAP QuTS hero NAS operating system allows a remote attacker who already holds an administrator account to trigger a denial-of-service condition by crashing the affected service. Affected branches span the QuTS hero h5.2.x, h5.3.x, and h6.0.x series, with vendor-released patches available as of early-to-mid 2026. No public exploit code or CISA KEV listing has been identified at the time of analysis, and the mandatory prerequisite of high-privilege authentication substantially constrains real-world impact.
Technical Context (AI)
QNAP QuTS hero is a ZFS-based NAS operating system developed by QNAP Systems Inc., differentiated from the standard QTS line by its use of the ZFS file system for data integrity and snapshot capabilities. The affected CPE is cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:* across multiple version branches. The root cause is classified as CWE-476 (NULL Pointer Dereference), a memory-safety weakness where code attempts to dereference a pointer that has not been initialized or has been set to NULL, causing the process to crash. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N) confirms the vulnerability is reachable over the network with low attack complexity and no special attack conditions, but strictly requires high-privilege (administrator-level) access. The sole impact is a low-severity availability degradation (VA:L), with no confidentiality or integrity consequences.
Remediation (AI)
The primary remediation is to upgrade QuTS hero to the patched versions released by QNAP: for the h5.2.x branch, upgrade to h5.2.9.3410 build 20260214 or later; for the h5.3.x branch, upgrade to h5.3.4.3500 build 20260520 or later; for the h6.0.x branch, upgrade to h6.0.0.3459 build 20260409 or later. Updates can be applied via the QNAP App Center or by downloading firmware directly from the QNAP support portal, referencing advisory QSA-26-38 at https://www.qnap.com/en/security-advisory/qsa-26-38. As a compensating control where immediate patching is not feasible, restrict access to administrator accounts: enforce strong, unique passwords, enable multi-factor authentication on the admin interface, and block external network access to the NAS management interface (typically port 8080/8443) at the perimeter firewall. This raises the bar for an attacker, who must first acquire the administrator credentials required to trigger the vulnerability. Note that blocking management ports may affect remote administration workflows.
External POC / Exploit Code
EUVD-2025-210097
GHSA-53hc-rhp5-vgx7