Qnap QTS and QuTS hero Buffer Copy without Checking Size of Input (CVE-2025-52863)

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

CVE-2025-59380 QTS, QuTS hero

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

CVE-2025-53590

CVE-2025-53590 is a NULL pointer dereference vulnerability affecting QNAP QTS/QuTS hero operating systems. A remote attacker who has an administrator account can exploit this to cause a denial-of-service. The issue impacts several QNAP OS versions, with remediation implemented in QTS 5.2.7.3256 b...

QNAP Systems QTS和QNAP Systems QuTS hero 安全漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems, a Taiwan, China-based company. A security vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that originates from a buffer overflow that could result in...

PT-2023-9126 · Qnap · Qnap Qts +1

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 Description: A buffer copy without checking the size of input issue has been reported, which could allow authenticated...

PT-2023-9124 · Qnap · Qnap Qts +1

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128 Description: A buffer copy without checking the size of input issue has been reported, which could allow authenticated...