Qnap Systems Inc. Quts Hero vulnerabilities
217 known vulnerabilities affecting qnap_systems_inc./quts_hero.
Total CVEs
217
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
2
Severity breakdown
CRITICAL11HIGH80MEDIUM90LOW36
Vulnerabilities
Page 2 of 11
CVE-2025-53405LOWCVSS 1.2≥ h5.2.x, < h5.2.7.3256 build 20250913≥ h5.3.x, < h5.3.1.3250 build 202509122026-01-02
CVE-2025-53405 [LOW] CWE-476 CVE-2025-53405: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
cvelistv5nvd
CVE-2025-52863LOWCVSS 1.3≥ h5.2.x, < h5.2.7.3256 build 20250913≥ h5.3.x, < h5.3.0.3192 build 202507162026-01-02
CVE-2025-52863 [LOW] CWE-120 CVE-2025-52863: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions.
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build
cvelistv5nvd
CVE-2025-53596LOWCVSS 1.2≥ h5.2.x, < h5.2.7.3256 build 20250913≥ h5.3.x, < h5.3.1.3250 build 202509122026-01-02
CVE-2025-53596 [LOW] CWE-476 CVE-2025-53596: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
cvelistv5nvd
CVE-2025-52864LOWCVSS 1.3≥ h5.2.x, < h5.2.7.3256 build 20250913≥ h5.3.x, < h5.3.0.3192 build 202507162026-01-02
CVE-2025-52864 [LOW] CWE-120 CVE-2025-52864: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions.
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build
cvelistv5nvd
CVE-2025-52430LOWCVSS 1.2≥ h5.2.x, < h5.2.7.3256 build 20250913≥ h5.3.x, < h5.3.1.3250 build 202509122026-01-02
CVE-2025-52430 [LOW] CWE-476 CVE-2025-52430: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
cvelistv5nvd
CVE-2025-53591LOWCVSS 1.2≥ h5.3.x, < h5.3.1.3250 build 20250912≥ h5.2.x, < h5.2.7.3256 build 202509132026-01-02
CVE-2025-53591 [LOW] CWE-134 CVE-2025-53591: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 202509
cvelistv5nvd
CVE-2025-52872LOWCVSS 1.3≥ h5.2.x, < h5.2.7.3256 build 20250913≥ h5.3.x, < h5.3.0.3192 build 202507162026-01-02
CVE-2025-52872 [LOW] CWE-120 CVE-2025-52872: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions.
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build
cvelistv5nvd
CVE-2025-9110LOWCVSS 2.7≥ h5.2.x, < h5.2.8.3321 build 20251117≥ h5.3.x, < h5.3.1.3250 build 202509122026-01-02
CVE-2025-9110 [LOW] CWE-497 CVE-2025-9110: An exposure of sensitive system information to an unauthorized control sphere vulnerability has been
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS h
cvelistv5nvd
CVE-2025-53592LOWCVSS 1.3≥ h5.2.x, < h5.2.7.3256 build 20250913≥ h5.3.x, < h5.3.1.3250 build 202509122026-01-02
CVE-2025-53592 [LOW] CWE-476 CVE-2025-53592: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero
cvelistv5nvd
CVE-2025-59385HIGHCVSS 8.1≥ h5.2.x, < h5.2.7.3297 build 20251024≥ h5.3.x, < h5.3.1.3292 build 202510242025-12-16
CVE-2025-59385 [HIGH] CWE-290 CVE-2025-59385: An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operatin
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 202
cvelistv5nvd
CVE-2025-62848HIGHCVSS 8.1≥ h5.2.x, < h5.2.7.3297 build 20251024≥ h5.3.x, < h5.3.1.3292 build 202510242025-12-16
CVE-2025-62848 [HIGH] CWE-476 CVE-2025-62848: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024
cvelistv5nvd
CVE-2025-62849MEDIUMCVSS 5.2≥ h5.2.x, < h5.2.7.3297 build 20251024≥ h5.3.x, < h5.3.1.3292 build 202510242025-12-16
CVE-2025-62849 [MEDIUM] CWE-89 CVE-2025-62849: An SQL injection vulnerability has been reported to affect several QNAP operating system versions. T
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
cvelistv5nvd
CVE-2025-62847MEDIUMCVSS 6.6≥ h5.2.x, < h5.2.7.3297 build 20251024≥ h5.3.x, < h5.3.1.3292 build 202510242025-12-16
CVE-2025-62847 [MEDIUM] CWE-88 CVE-2025-62847: An improper neutralization of argument delimiters in a command vulnerability has been reported to af
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.
cvelistv5nvd
CVE-2025-47212MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-47212 [MEDIUM] CWE-78 CVE-2025-47212: A command injection vulnerability has been reported to affect several QNAP operating system versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3
cvelistv5nvd
CVE-2025-52858MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52858 [MEDIUM] CWE-476 CVE-2025-52858: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52862MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52862 [MEDIUM] CWE-476 CVE-2025-52862: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52424MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52424 [MEDIUM] CWE-476 CVE-2025-52424: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52433MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52433 [MEDIUM] CWE-476 CVE-2025-52433: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52857MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52857 [MEDIUM] CWE-476 CVE-2025-52857: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52860MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52860 [MEDIUM] CWE-476 CVE-2025-52860: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd