Login Sign Up

CVE-2025-52857

4.9 MEDIUM
Denial of Service

📋 TL;DR

A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with administrator credentials to cause denial-of-service conditions. This affects QNAP NAS devices running vulnerable QTS and QuTS hero versions. The vulnerability requires administrative access but can disrupt system availability.

💻 Affected Systems

Products:
  • QNAP QTS
  • QNAP QuTS hero
Versions: Versions before QTS 5.2.6.3195 build 20250715 and QuTS hero h5.2.6.3195 build 20250715
Operating Systems: QNAP proprietary OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access to exploit; default admin accounts are vulnerable if credentials are known.

📦 What is this software?

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or unavailability of the QNAP device, disrupting all services and data access.

🟠

Likely Case

Service disruption affecting specific applications or processes on the QNAP device, requiring manual restart.

🟢

If Mitigated

Minimal impact if proper access controls prevent unauthorized administrative access.

🌐 Internet-Facing: MEDIUM - Internet-facing QNAP devices with exposed admin interfaces are at risk if credentials are compromised.
🏢 Internal Only: LOW - Internal-only devices with strong access controls have reduced risk.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative credentials; vulnerability is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QTS 5.2.6.3195 build 20250715 and later, QuTS hero h5.2.6.3195 build 20250715 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-36

Restart Required: Yes

Instructions:

1. Log into QNAP web interface as admin. 2. Navigate to Control Panel > System > Firmware Update. 3. Check for updates and install QTS 5.2.6.3195 or QuTS hero h5.2.6.3195. 4. Reboot the device after installation.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit administrative access to trusted IP addresses and use strong authentication.

Disable Unnecessary Services

all

Turn off unused services and interfaces to reduce attack surface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate QNAP devices from untrusted networks.
  • Enforce multi-factor authentication and strong password policies for all admin accounts.

🔍 How to Verify

Check if Vulnerable:

Check QTS/QuTS hero version in Control Panel > System > Firmware Update. Versions before 5.2.6.3195 are vulnerable.

Check Version:

ssh admin@qnap-ip 'cat /etc/config/uLinux.conf | grep Version'

Verify Fix Applied:

Confirm version is QTS 5.2.6.3195 or QuTS hero h5.2.6.3195 or later in firmware settings.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected system crashes or restarts
  • Multiple failed admin login attempts followed by system instability

Network Indicators:

  • Unusual administrative access patterns to QNAP management interfaces

SIEM Query:

source="qnap_logs" AND (event_type="system_crash" OR event_type="admin_login")

📊 Metadata

CVE ID: CVE-2025-52857
CVSS v3 Score: 4.9 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
EPSS Score: 0.19% exploit probability (40.6th percentile)
Published: October 3, 2025
Last Updated: October 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-52857, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)
CVE-2023-47003 9.8

A NULL pointer dereference vulnerability in RedisGraph allows attackers to execute arbitrary code or...

Same vulnerability type (CWE-476)