CVE-2025-62848

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-25-45	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417::::::
	cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424::::::
	cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601::::::
	cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620::::::
	cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711::::::
	cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808::::::
	cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817::::::
	cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025::::::
	cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114::::::
	cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108::::::
	cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312::::::
	cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321::::::
	cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403::::::
	cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526::::::
	cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715::::::
	cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818::::::
	cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913::::::

Configuration 2 (hide)

OR	cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913::::::
	cpe:2.3:o:qnap:quts_hero:h5.3.0.3115:build_20250430::::::
	cpe:2.3:o:qnap:quts_hero:h5.3.0.3145:build_20250530::::::
	cpe:2.3:o:qnap:quts_hero:h5.3.0.3192:build_20250716::::::
	cpe:2.3:o:qnap:quts_hero:h5.3.1.3250:build_20250912::::::

History

17 Dec 2025, 13:55

Type	Values Removed	Values Added
First Time		Qnap qts Qnap quts Hero Qnap
CPE		cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:::::: cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:::::: cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:::::: cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:::::: cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:::::: cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:::::: cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:::::: cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:::::: cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:::::: cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:::::: cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:::::: cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:::::: cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:::::: cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:::::: cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:::::: cpe:2.3:o:qnap:quts_hero:h5.3.1.3250:build_20250912:::::: cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:::::: cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913:::::: cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:::::: cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:::::: cpe:2.3:o:qnap:quts_hero:h5.3.0.3145:build_20250530:::::: cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:::::: cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:::::: cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:::::: cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913:::::: cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:::::: cpe:2.3:o:qnap:quts_hero:h5.3.0.3115:build_20250430:::::: cpe:2.3:o:qnap:quts_hero:h5.3.0.3192:build_20250716:::::: cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:::::: cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711::::::
References	~~() https://www.qnap.com/en/security-advisory/qsa-25-45 -~~	() https://www.qnap.com/en/security-advisory/qsa-25-45 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

16 Dec 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-16 03:15

Updated : 2025-12-17 13:55

NVD link : CVE-2025-62848

Mitre link : CVE-2025-62848

CVE.ORG link : CVE-2025-62848

JSON object : View

Products Affected

qnap

qts
quts_hero

CWE

CWE-476

NULL Pointer Dereference

7.5 /10