QSearchQSearch

CVE-2025-62858

6.5 MEDIUM

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions

Published: 2026-06-09 · Last updated: 2026-06-12

Severity and scoring

CVSS
6.5 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CWE
CWE-121

Affected products

VendorProduct
qnapqts, quts_hero

Description

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-26241 A buffer overflow vulnerability has been reported to affect File Station 5 (9.1 CRITICAL)
  • CVE-2026-26240 A buffer overflow vulnerability has been reported to affect File Station 5 (9.1 CRITICAL)
  • CVE-2026-26239 A buffer overflow vulnerability has been reported to affect File Station 5 (8.1 HIGH)
  • CVE-2026-26237 A missing authorization vulnerability has been reported to affect QuMagie (7.5 HIGH)
  • CVE-2026-24724 An incorrect authorization vulnerability has been reported to affect File Station 6 (8.1 HIGH)

Same CWE

  • CVE-2025-7019 Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivir... (5.5 MEDIUM)
  • CVE-2026-49760 Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow
  • CVE-2026-49759 Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by...
  • CVE-2026-26241 A buffer overflow vulnerability has been reported to affect File Station 5 (9.1 CRITICAL)
  • CVE-2026-26240 A buffer overflow vulnerability has been reported to affect File Station 5 (9.1 CRITICAL)