2 matches found
CVE-2025-52853 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-48730
The CVE-2025-48730 issue is a use of externally-controlled format string vulnerability affecting QNAP QTS and QuTS Hero. The root cause is formatting strings controlled by external input, enabling a remote attacker with an administrator account to obtain secret data or modify memory. Affected ver...