CVE-2025-62858
Severity CVSS v4.0:
MEDIUM
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
09/06/2026
Last modified:
12/06/2026
Description
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.<br />
<br />
We have already fixed the vulnerability in the following versions:<br />
QTS 5.2.9.3410 build 20260214 and later<br />
QuTS hero h5.2.9.3410 build 20260214 and later<br />
QuTS hero h5.3.4.3500 build 20260520 and later<br />
QuTS hero h6.0.0.3397 build 20260206 and later
Impact
Base Score 4.0
5.10
Severity 4.0
MEDIUM
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



