CVE-2025-62848NULL Pointer Dereference in Systems INC QTS

CWE-476NULL Pointer Dereference4 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.1%
top 68.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Qnap Systems INC QTSQnap Systems INC Quts HeroQnap QTS+1 more
Timeline
PublishedDec 16

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

CVEListV5qnap_systems_inc/quts_heroh5.2.xh5.2.7.3297 build 20251024+1
NVDqnap/quts_hero20 versions+19
CVEListV5qnap_systems_inc/qts5.2.x5.2.7.3297 build 20251024
NVDqnap/qts17 versions+16

🔴Vulnerability Details

2
CVEList
QTS, QuTS hero2025-12-16
GHSA
GHSA-7vwr-42wj-qjpw: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions2025-12-16

🕵️Threat Intelligence

1
Bleepingcomputer
QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own2025-11-07
CVE-2025-62848 — NULL Pointer Dereference | cvebase