CVE-2025-62858

MEDIUM EPSS 35.5%
Published Jun 9, 20262w ago · Modified Jun 17, 20261w ago
5.1 CVSS 4.0
Medium
Find Similar
Published Jun 9, 2026 2w ago
Last Modified Jun 17, 2026 1w ago

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later

CVSS Details

Base Score
5.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
35.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-121

Affected Products 50

VendorProductVersionRange
qnapqts5.2.0.2737any
qnapqts5.2.0.2744any
qnapqts5.2.0.2782any
qnapqts5.2.0.2802any
qnapqts5.2.0.2823any
qnapqts5.2.0.2851any
qnapqts5.2.0.2860any
qnapqts5.2.1.2930any
qnapqts5.2.2.2950any
qnapqts5.2.3.3006any
qnapqts5.2.4.3070any
qnapqts5.2.4.3079any
qnapqts5.2.4.3092any
qnapqts5.2.5.3145any
qnapqts5.2.6.3195any
qnapqts5.2.6.3229any
qnapqts5.2.7.3256any
qnapqts5.2.7.3297any
qnapqts5.2.8.3332any
qnapqts5.2.8.3350any
qnapqts5.2.8.3359any
qnapquts_heroh5.2.0.2737any
qnapquts_heroh5.2.0.2782any
qnapquts_heroh5.2.0.2789any
qnapquts_heroh5.2.0.2802any
qnapquts_heroh5.2.0.2823any
qnapquts_heroh5.2.0.2851any
qnapquts_heroh5.2.0.2860any
qnapquts_heroh5.2.1.2929any
qnapquts_heroh5.2.1.2940any
qnapquts_heroh5.2.2.2952any
qnapquts_heroh5.2.3.3006any
qnapquts_heroh5.2.4.3070any
qnapquts_heroh5.2.4.3079any
qnapquts_heroh5.2.5.3138any
qnapquts_heroh5.2.6.3195any
qnapquts_heroh5.2.7.3256any
qnapquts_heroh5.2.7.3297any
qnapquts_heroh5.2.8.3321any
qnapquts_heroh5.2.8.3350any
qnapquts_heroh5.2.8.3359any
qnapquts_heroh5.3.0.3115any
qnapquts_heroh5.3.0.3145any
qnapquts_heroh5.3.0.3192any
qnapquts_heroh5.3.1.3250any
qnapquts_heroh5.3.1.3292any
qnapquts_heroh5.3.2.3354any
qnapquts_heroh5.3.3.3424any
qnapquts_heroh6.0.0.3324any
qnapquts_heroh6.0.0.3382any

References 1

  • qnap.com https://www.qnap.com/en/security-advisory/qsa-26-10
    Broken Link

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.