CVE-2025-52424

Q: What is the severity of CVE-2025-52424?

CVE-2025-52424 has a CVSS score of 4.9 (MEDIUM). A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credentials to cause denial-of-service conditions. This affects QTS and QuTS hero systems running vulnerable versions. The vulnerability requires administrative access to exploit.

4.9 MEDIUM

Denial of Service

📋 TL;DR

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credentials to cause denial-of-service conditions. This affects QTS and QuTS hero systems running vulnerable versions. The vulnerability requires administrative access to exploit.

💻 Affected Systems

Products:

QTS
QuTS hero

Versions: Versions before QTS 5.2.6.3195 build 20250715 and QuTS hero h5.2.6.3195 build 20250715

Operating Systems: QNAP NAS operating systems

Default Config Vulnerable: ⚠️ Yes

Notes: All QNAP devices running affected OS versions are vulnerable by default. Requires administrator account access for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or unavailability of QNAP device services, requiring physical intervention to restore functionality.

🟠

Likely Case

Temporary service disruption affecting specific QNAP services or applications until system restart.

🟢

If Mitigated

Minimal impact if administrator accounts are properly secured and monitored.

🌐 Internet-Facing: MEDIUM - While exploitation requires admin credentials, internet-facing QNAP devices with weak admin passwords could be targeted.

🏢 Internal Only: LOW - Requires compromised admin credentials, which should be protected in properly managed environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW - Simple exploitation once admin credentials are obtained.

Exploitation requires administrative access, making credential theft or weak passwords a prerequisite.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QTS 5.2.6.3195 build 20250715 and later, QuTS hero h5.2.6.3195 build 20250715 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-36

Restart Required: Yes

Instructions:

1. Log into QNAP web interface as admin. 2. Navigate to Control Panel > System > Firmware Update. 3. Check for updates and install QTS 5.2.6.3195 or QuTS hero h5.2.6.3195. 4. Reboot the NAS when prompted.

🔧 Temporary Workarounds

Restrict Admin Access

all

Limit administrative account access to trusted IP addresses only.

Configure firewall rules to restrict admin interface access to specific IP ranges

Enable Multi-Factor Authentication

all

Require MFA for all administrator accounts to prevent credential-based attacks.

Enable MFA in Control Panel > Security > Two-Factor Authentication

🧯 If You Can't Patch

Implement strict network segmentation to isolate QNAP devices from untrusted networks
Enforce strong password policies and monitor for brute force attempts on admin accounts

🔍 How to Verify

Check if Vulnerable:

Check current QTS/QuTS hero version in Control Panel > System > Firmware Update. Compare against patched versions.

Check Version:

ssh admin@qnap-ip 'cat /etc/config/uLinux.conf | grep version'

Verify Fix Applied:

Verify version shows QTS 5.2.6.3195 or QuTS hero h5.2.6.3195 or later in firmware information.

📡 Detection & Monitoring

Log Indicators:

Multiple failed admin login attempts followed by system crash logs
Unexpected system reboots or service restarts

Network Indicators:

Unusual admin login patterns from unexpected IP addresses
Sudden drop in NAS service availability

SIEM Query:

source="qnap-logs" (event_type="authentication_failure" AND user="admin") OR (event_type="system_crash")

📊 Metadata

CVE ID: CVE-2025-52424

CVSS v3 Score: 4.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.19% exploit probability (40.6th percentile)

Published: October 3, 2025

Last Updated: October 8, 2025

🔗 References

https://www.qnap.com/en/security-advisory/qsa-25-36 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Admin Access

Enable Multi-Factor Authentication

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities