What is the CVSS score of EUVD-2025-32441?

EUVD-2025-32441 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Qts are affected by EUVD-2025-32441?

Organizations using A use of externally-controlled format string vulnerability should be aware of notable risk from CVE-2025-53406 rated CVSS 6.5.. A patch is available.

How to fix or mitigate EUVD-2025-32441?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Qts EUVD-2025-32441

| CVE-2025-53406 MEDIUM

Use of Externally-Controlled Format String (CWE-134)

2025-10-03 security@qnapsecurity.com.tw

Qnap Information Disclosure Qts Quts Hero

6.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.5 MEDIUM

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

5.2.6.3195

EUVD ID Assigned

Mar 13, 2026 - 19:29 euvd

EUVD-2025-32441

Analysis Generated

Mar 13, 2026 - 19:29 vuln.today

CVE Published

Oct 03, 2025 - 19:15 nvd

MEDIUM 6.5

DescriptionCVE.org

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.

We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Analysis

We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Technical ContextAI

This vulnerability is classified as Use of Externally-Controlled Format String (CWE-134).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

More from same product – last 7 days

CVE-2025-66276 CRITICAL Act Now

9.2 Jun 10

High-severity information disclosure flaw in QNAP QTS NAS operating system versions 5.2.0 through 5.2.7.3256 build 20250

CVE-2026-41539 HIGH This Week

8.7 Jun 09

Cross-site scripting in QNAP QTS and QuTS hero operating systems allows remote attackers to bypass security mechanisms a

CVE-2026-24717 MEDIUM This Month

5.1 Jun 10

Path traversal in QNAP QTS and QuTS hero NAS operating systems exposes arbitrary file contents to attackers who have alr

CVE-2025-62858 MEDIUM This Month

5.1 Jun 09

Stack-based buffer overflow in QNAP QTS and QuTS hero NAS operating systems enables an authenticated administrator to co

CVE-2025-59382 LOW Monitor

1.2 Jun 10

External control of assumed-immutable web parameters in QNAP NAS software enables remote unauthenticated attackers to ac

EUVD-2025-32441 vulnerability details – vuln.today

Back

Qts EUVD-2025-32441

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code