CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-66274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.2%

CVSS Severity

CVSS v3 Score 4.9

References

https://www.qnap.com/en/security-advisory/qsa-26-08

Products affected by CVE-2025-66274

Qnap » Quts Hero » Version: h5.3.0.3115

cpe:2.3:o:qnap:quts_hero:h5.3.0.3115
Qnap » Quts Hero » Version: h5.3.0.3145

cpe:2.3:o:qnap:quts_hero:h5.3.0.3145
Qnap » Quts Hero » Version: h5.3.0.3192

cpe:2.3:o:qnap:quts_hero:h5.3.0.3192
Qnap » Quts Hero » Version: h5.3.1.3250

cpe:2.3:o:qnap:quts_hero:h5.3.1.3250
Qnap » Quts Hero » Version: h5.3.1.3292

cpe:2.3:o:qnap:quts_hero:h5.3.1.3292

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-66274

Products

Pricing

Contact Us