CVE-2025-52428

Q: What is the severity of CVE-2025-52428?

CVE-2025-52428 has a CVSS score of 4.9 (MEDIUM). A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credentials to cause denial-of-service conditions. This affects QNAP NAS devices running vulnerable QTS versions. The vulnerability requires administrative access to exploit.

4.9 MEDIUM

Denial of Service

📋 TL;DR

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credentials to cause denial-of-service conditions. This affects QNAP NAS devices running vulnerable QTS versions. The vulnerability requires administrative access to exploit.

💻 Affected Systems

Products:

QNAP NAS devices

Versions: QTS versions before 5.2.6.3195 build 20250715

Operating Systems: QTS (QNAP Turbo NAS Operating System)

Default Config Vulnerable: ⚠️ Yes

Notes: All QNAP devices running affected QTS versions are vulnerable by default. The vulnerability requires administrative access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or unavailability of QNAP NAS services, requiring physical intervention to restore functionality.

🟠

Likely Case

Temporary service disruption affecting specific QNAP applications or services until system restart.

🟢

If Mitigated

No impact if proper access controls prevent unauthorized administrative access.

🌐 Internet-Facing: MEDIUM - While exploitation requires admin credentials, internet-facing QNAP devices are common targets for credential theft and subsequent exploitation.

🏢 Internal Only: LOW - Internal attackers would need administrative credentials, which should be tightly controlled in secure environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW - Once administrative credentials are obtained, exploitation is straightforward.

Exploitation requires administrative access, which attackers may obtain through credential theft, weak passwords, or other vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QTS 5.2.6.3195 build 20250715 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-36

Restart Required: Yes

Instructions:

1. Log into QTS web interface as administrator. 2. Navigate to Control Panel > System > Firmware Update. 3. Check for updates and install QTS 5.2.6.3195 or later. 4. Reboot the NAS when prompted.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit administrative access to trusted IP addresses and networks only.

Configure firewall rules to restrict QTS web interface access to specific IP ranges

Enable Multi-Factor Authentication

all

Require MFA for all administrative accounts to prevent credential-based attacks.

Enable MFA in QTS Control Panel > Security > Two-Factor Authentication

🧯 If You Can't Patch

Isolate QNAP devices from internet access and restrict to internal network only
Implement strict access controls and monitoring for administrative accounts

🔍 How to Verify

Check if Vulnerable:

Check QTS version in Control Panel > System > Firmware Update. If version is earlier than 5.2.6.3195 build 20250715, the system is vulnerable.

Check Version:

ssh admin@qnap-ip 'cat /etc/config/uLinux.conf | grep version'

Verify Fix Applied:

Verify QTS version shows 5.2.6.3195 or later in Control Panel > System > Firmware Update.

📡 Detection & Monitoring

Log Indicators:

Unexpected system crashes or reboots
Multiple failed login attempts followed by successful admin login
Process crashes in system logs

Network Indicators:

Unusual administrative login patterns
Traffic spikes to QTS web interface followed by service disruption

SIEM Query:

source="qnap_logs" AND (event_type="system_crash" OR (auth_result="success" AND user_role="admin" AND src_ip NOT IN trusted_ips))

📊 Metadata

CVE ID: CVE-2025-52428

CVSS v3 Score: 4.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.19% exploit probability (40.6th percentile)

Published: October 3, 2025

Last Updated: October 8, 2025

🔗 References

https://www.qnap.com/en/security-advisory/qsa-25-36 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Administrative Access

Enable Multi-Factor Authentication

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities