SB2025100744 - Multiple vulnerabilities in QNAP QTS and QuTS hero 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025100744

SB2025100744 - Multiple vulnerabilities in QNAP QTS and QuTS hero

Published: October 7, 2025

Security Bulletin ID SB2025100744
Severity
Low
Patch available
YES
Number of vulnerabilities 26
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 26 secuirty vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2025-52853)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


2) Format string error (CVE-ID: CVE-2025-53407)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to use of externally-controlled format string. A remote administrator can supply a specially crafted input that contains format string specifiers and obtain secret data or modify memory.


3) Format string error (CVE-ID: CVE-2025-53406)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to use of externally-controlled format string. A remote administrator can supply a specially crafted input that contains format string specifiers and obtain secret data or modify memory.


4) Format string error (CVE-ID: CVE-2025-52429)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to use of externally-controlled format string. A remote administrator can supply a specially crafted input that contains format string specifiers and obtain secret data or modify memory.


5) Format string error (CVE-ID: CVE-2025-48730)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to use of externally-controlled format string. A remote administrator can supply a specially crafted input that contains format string specifiers and obtain secret data or modify memory.


6) NULL pointer dereference (CVE-ID: CVE-2025-52866)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


7) NULL pointer dereference (CVE-ID: CVE-2025-52862)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


8) NULL pointer dereference (CVE-ID: CVE-2025-52860)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


9) NULL pointer dereference (CVE-ID: CVE-2025-52859)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


10) NULL pointer dereference (CVE-ID: CVE-2025-52858)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


11) NULL pointer dereference (CVE-ID: CVE-2025-52857)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


12) NULL pointer dereference (CVE-ID: CVE-2025-52855)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


13) NULL pointer dereference (CVE-ID: CVE-2025-52854)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


14) NULL pointer dereference (CVE-ID: CVE-2025-52433)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


15) NULL pointer dereference (CVE-ID: CVE-2025-52432)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


16) NULL pointer dereference (CVE-ID: CVE-2025-52428)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


17) NULL pointer dereference (CVE-ID: CVE-2025-52427)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


18) NULL pointer dereference (CVE-ID: CVE-2025-52424)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


19) NULL pointer dereference (CVE-ID: CVE-2025-48729)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


20) NULL pointer dereference (CVE-ID: CVE-2025-48728)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


21) NULL pointer dereference (CVE-ID: CVE-2025-48727)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


22) NULL pointer dereference (CVE-ID: CVE-2025-48726)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


23) NULL pointer dereference (CVE-ID: CVE-2025-47214)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


24) NULL pointer dereference (CVE-ID: CVE-2025-47213)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote administrator can pass specially crafted data to the application and perform a denial of service (DoS) attack.


25) Command Injection (CVE-ID: CVE-2025-47212)

The vulnerability allows a remote user to execute arbitrary commands on the system.

The vulnerability exists due to insufficient input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands.


26) Path traversal (CVE-ID: CVE-2025-47211)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system.


Remediation

Install update from vendor's website.

References