Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-62848)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build...

CVE-2025-62847

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS...

CVE-2025-59385

The CVE-2025-59385 issue is an authentication bypass by spoofing affecting QNAP QTS and QuTS hero OSes. The vulnerability could allow remote attackers to access restricted resources. Fixed in QTS 5.2.7.3297 (build 20251024) and QuTS hero h5.2.7.3297 (build 20251024) as well as h5.3.1.3292 (build ...

EUVD-2025-203490

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS...

CVE-2025-62848

CVE-2025-62848 is a NULL pointer dereference vulnerability reported affecting multiple QNAP platforms (QTS and QuTS hero). The issue allows remote attackers to trigger a denial-of-service via network access, as described in vendor notes. Affected versions have been patched in QTS 5.2.7.3297 build...