CVE-2025-52864

HIGH

Qnap Quts Hero - Buffer Overflow

Title source: rule

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-25-50

Scores

CVSS v3 8.1

EPSS 0.0014

EPSS Percentile 34.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (34)

qnap/qts 5.2.0.2737 build_20240417

qnap/qts 5.2.0.2744 build_20240424

qnap/qts 5.2.0.2782 build_20240601

qnap/qts 5.2.0.2802 build_20240620

qnap/qts 5.2.0.2823 build_20240711

qnap/qts 5.2.0.2851 build_20240808

qnap/qts 5.2.0.2860 build_20240817

qnap/qts 5.2.1.2930 build_20241025

qnap/qts 5.2.2.2950 build_20241114

qnap/qts 5.2.3.3006 build_20250108

... and 24 more

Published Jan 02, 2026

Tracked Since Feb 18, 2026