CVE-2025-66280
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk25th percentile - higher than 25% of all known CVEs
Summary
An integer overflow vulnerability has been reported affecting several QNAP operating system versions. A remote attacker with administrator account access can exploit this vulnerability to compromise system security.
Risk Assessment
This vulnerability could lead to serious security breaches if an attacker gains access to an administrator account. It may result in full control over the system.
Recommendation
It is recommended to update to QTS 5.2.9.3410 build 20260214 or later and the appropriate QuTS hero versions to mitigate this vulnerability.
Original NVD description (English source)
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later

