CVE-2025-62852
02.01.2026, 16:17
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and laterEnginsight
| Vendor | Product | Version |
|---|---|---|
| qnap | qts | 5.2.0.2737:build_20240417 |
| qnap | qts | 5.2.0.2744:build_20240424 |
| qnap | qts | 5.2.0.2782:build_20240601 |
| qnap | qts | 5.2.0.2802:build_20240620 |
| qnap | qts | 5.2.0.2823:build_20240711 |
| qnap | qts | 5.2.0.2851:build_20240808 |
| qnap | qts | 5.2.0.2860:build_20240817 |
| qnap | qts | 5.2.1.2930:build_20241025 |
| qnap | qts | 5.2.2.2950:build_20241114 |
| qnap | qts | 5.2.3.3006:build_20250108 |
| qnap | qts | 5.2.4.3070:build_20250312 |
| qnap | qts | 5.2.4.3079:build_20250321 |
| qnap | qts | 5.2.4.3092:build_20250403 |
| qnap | qts | 5.2.5.3145:build_20250526 |
| qnap | qts | 5.2.6.3195:build_20250715 |
| qnap | qts | 5.2.6.3229:build_20250818 |
| qnap | qts | 5.2.7.3256:build_20250913 |
| qnap | qts | 5.2.7.3297:build_20251024 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
Vulnerability Media Exposure