CVE-2025-62848

Опубликовано: 16 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

Ссылки

https://www.qnap.com/en/security-advisory/qsa-25-45
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.3.0.3115:build_20250430:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.3.0.3145:build_20250530:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.3.0.3192:build_20250716:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.3.1.3250:build_20250912:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00152

Низкий

7.5 High

CVSS3

Дефекты

CWE-476

Связанные уязвимости

GHSA-7vwr-42wj-qjpw

CVSS3: 7.5

github

около 2 месяцев назад

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

BDU:2025-16031

CVSS3: 10

fstec

3 месяца назад

Уязвимость операционных систем QuTS hero и QTS сетевых устройств Qnap, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код и повысить свои привилегии