CVE-2025-52432

03.10.2025, 19:15

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
and later
QuTS hero h5.2.6.3195 build 20250715 and later
QuTS hero h5.3.0.3192 build 20250716 and later

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
qnap	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://www.qnap.com/en/security-advisory/qsa-25-36