CVE Catalog

CVE-2025-62850

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. A remote attacker with an administrator account can exploit this vulnerability to launch a denial-of-service (DoS) attack.

Risk Assessment

The organization may be exposed to DoS attacks, which can lead to system downtime and loss of access to services.

Recommendation

It is recommended to update the system to versions where the vulnerability has been fixed, i.e., QuTS hero h5.2.9.3410 and later, QuTS hero h5.3.4.3500 and later, QuTS hero h6.0.0.3459 and later.

Original NVD description (English source)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later

Vulnerability data from NVD (NIST) · CISA KEV · EPSS