Vulnerability Details CVE-2025-66274
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.2.3354 build 20251225 and later
QuTS hero h6.0.0.3397 build 20260206 and later
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 28.8%
CVSS Severity
CVSS v3 Score 4.9
Products affected by CVE-2025-66274
-
cpe:2.3:o:qnap:quts_hero:h5.3.0.3115
-
cpe:2.3:o:qnap:quts_hero:h5.3.0.3145
-
cpe:2.3:o:qnap:quts_hero:h5.3.0.3192
-
cpe:2.3:o:qnap:quts_hero:h5.3.1.3250
-
cpe:2.3:o:qnap:quts_hero:h5.3.1.3292