CVE-2025-52854

Q: What is the severity of CVE-2025-52854?

CVE-2025-52854 has a CVSS score of 4.9 (MEDIUM). A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credentials to cause denial-of-service conditions. This affects QTS and QuTS hero systems running vulnerable versions. The vulnerability requires administrative access to exploit.

4.9 MEDIUM

Denial of Service

📋 TL;DR

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credentials to cause denial-of-service conditions. This affects QTS and QuTS hero systems running vulnerable versions. The vulnerability requires administrative access to exploit.

💻 Affected Systems

Products:

QTS
QuTS hero

Versions: Versions prior to QTS 5.2.6.3195 build 20250715 and QuTS hero h5.2.6.3195 build 20250715

Operating Systems: QNAP NAS operating systems

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations of affected versions are vulnerable. Requires administrative access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or unavailability of QNAP device services, requiring physical intervention to restore functionality.

🟠

Likely Case

Service disruption affecting specific QNAP applications or management interfaces, potentially requiring system reboot.

🟢

If Mitigated

No impact if proper access controls prevent unauthorized administrative access.

🌐 Internet-Facing: MEDIUM - Internet-facing QNAP devices with exposed admin interfaces are at risk if credentials are compromised.

🏢 Internal Only: LOW - Requires administrative credentials, reducing risk in properly segmented networks with strong access controls.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires administrative credentials. The NULL pointer dereference is triggered through specific administrative functions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QTS 5.2.6.3195 build 20250715 and later, QuTS hero h5.2.6.3195 build 20250715 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-36

Restart Required: Yes

Instructions:

1. Log into QNAP web interface as administrator. 2. Go to Control Panel > System > Firmware Update. 3. Check for updates and install QTS 5.2.6.3195 or later. 4. Reboot the NAS when prompted.

🔧 Temporary Workarounds

Restrict administrative access

all

Limit administrative access to trusted IP addresses and networks only

Configure firewall rules to restrict access to QNAP admin interface (default ports 8080, 443)

Implement strong authentication

all

Enforce strong passwords and multi-factor authentication for administrative accounts

Enable 2FA in Control Panel > Security > Two-factor Authentication

🧯 If You Can't Patch

Isolate QNAP devices from internet access and restrict administrative access to specific trusted networks only
Implement network segmentation to separate QNAP devices from critical infrastructure and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check current firmware version in Control Panel > System > Firmware Update. If version is earlier than QTS 5.2.6.3195 or QuTS hero h5.2.6.3195, the system is vulnerable.

Check Version:

ssh admin@qnap-ip 'cat /etc/config/uLinux.conf | grep Version' or check web interface at Control Panel > System > Firmware Update

Verify Fix Applied:

After update, verify firmware version shows QTS 5.2.6.3195 or later, or QuTS hero h5.2.6.3195 or later.

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts followed by successful admin login
System crash logs or kernel panic messages
Unexpected service restarts

Network Indicators:

Unusual administrative access patterns
Traffic spikes to admin interface followed by service disruption

SIEM Query:

source="qnap" AND (event_type="authentication" AND result="success" AND user="admin") OR (event_type="system" AND message="panic" OR message="crash")

📊 Metadata

CVE ID: CVE-2025-52854

CVSS v3 Score: 4.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.19% exploit probability (40.6th percentile)

Published: October 3, 2025

Last Updated: October 8, 2025

🔗 References

https://www.qnap.com/en/security-advisory/qsa-25-36 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Qts by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

Quts Hero by Qnap

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict administrative access

Implement strong authentication

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities