Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-66274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h6.0.0.3397 build 20260206 and later
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 28.8%
CVSS Severity
CVSS v3 Score 4.9
Products affected by CVE-2025-66274
  • Qnap » Quts Hero » Version: h5.3.0.3115
    cpe:2.3:o:qnap:quts_hero:h5.3.0.3115
  • Qnap » Quts Hero » Version: h5.3.0.3145
    cpe:2.3:o:qnap:quts_hero:h5.3.0.3145
  • Qnap » Quts Hero » Version: h5.3.0.3192
    cpe:2.3:o:qnap:quts_hero:h5.3.0.3192
  • Qnap » Quts Hero » Version: h5.3.1.3250
    cpe:2.3:o:qnap:quts_hero:h5.3.1.3250
  • Qnap » Quts Hero » Version: h5.3.1.3292
    cpe:2.3:o:qnap:quts_hero:h5.3.1.3292


Contact Us

Shodan ® - All rights reserved