CVE-2025-62850
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk21th percentile - higher than 21% of all known CVEs
Summary
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. A remote attacker with an administrator account can exploit this vulnerability to launch a denial-of-service (DoS) attack.
Risk Assessment
The organization may be exposed to DoS attacks, which can lead to system downtime and loss of access to services.
Recommendation
It is recommended to update the system to versions where the vulnerability has been fixed, i.e., QuTS hero h5.2.9.3410 and later, QuTS hero h5.3.4.3500 and later, QuTS hero h6.0.0.3459 and later.
Original NVD description (English source)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later

