CVE-2025-62848 - Vulnerability Details - OpenCVE

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qnap Systems Inc.	Qts Quts Hero

No data.

No data.

References

Link	Providers
https://www.qnap.com/en/security-advisory/qsa-25-45

History

Tue, 16 Dec 2025 02:45:00 +0000

Type	Values Removed	Values Added
Description		A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
Title		QTS, QuTS hero
First Time appeared		Qnap Systems Inc. Qnap Systems Inc. qts Qnap Systems Inc. quts Hero
Weaknesses		CWE-476
CPEs		cpe:2.3:a:qnap_systems_inc.:qts:::::::: cpe:2.3:a:qnap_systems_inc.:quts_hero::::::::
Vendors & Products		Qnap Systems Inc. Qnap Systems Inc. qts Qnap Systems Inc. quts Hero
References		https://www.qnap.com/en/security-advisory/qsa-25-45
Metrics		cvssV4_0 `{'score': 8.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U'}`

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2025-12-16T02:25:04.815Z

Updated: 2025-12-16T21:24:54.910Z

Reserved: 2025-10-24T02:43:45.373Z

Link: CVE-2025-62848

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-16T03:15:58.350

Modified: 2025-12-16T14:10:11.300

Link: CVE-2025-62848

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-62848", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2025-10-24T02:43:45.373Z", "datePublished": "2025-12-16T02:25:04.815Z", "dateUpdated": "2025-12-16T21:24:54.910Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QTS", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "5.2.7.3297 build 20251024", "status": "affected", "version": "5.2.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "QuTS hero", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "h5.2.7.3297 build 20251024", "status": "affected", "version": "h5.2.x", "versionType": "custom"}, {"lessThan": "h5.3.1.3292 build 20251024", "status": "affected", "version": "h5.3.x", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.2.7.3297_build_20251024", "versionStartIncluding": "5.2.x", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*", "versionEndExcluding": "h5.2.7.3297_build_20251024", "versionStartIncluding": "h5.2.x", "vulnerable": true}, {"criteria": "cpe:2.3:a:qnap_systems_inc.:quts_hero:*:*:*:*:*:*:*:*", "versionEndExcluding": "h5.3.1.3292_build_20251024", "versionStartIncluding": "h5.3.x", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Pwn2Own 2025 - DEVCORE"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.2.7.3297 build 20251024 and later<br>QuTS hero h5.2.7.3297 build 20251024 and later<br>QuTS hero h5.3.1.3292 build 20251024 and later<br>"}], "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.1, "baseSeverity": "HIGH", "exploitMaturity": "UNREPORTED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2025-12-16T02:25:04.815Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-45"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.2.7.3297 build 20251024 and later<br>QuTS hero h5.2.7.3297 build 20251024 and later<br>QuTS hero h5.3.1.3292 build 20251024 and later<br>"}], "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"}], "source": {"advisory": "QSA-25-45", "discovery": "EXTERNAL"}, "title": "QTS, QuTS hero", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-16T21:24:45.780330Z", "id": "CVE-2025-62848", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T21:24:54.910Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3297 build 20251024 and later\nQuTS hero h5.2.7.3297 build 20251024 and later\nQuTS hero h5.3.1.3292 build 20251024 and later"}], "id": "CVE-2025-62848", "lastModified": "2025-12-16T14:10:11.300", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2025-12-16T03:15:58.350", "references": [{"source": "security@qnapsecurity.com.tw", "url": "https://www.qnap.com/en/security-advisory/qsa-25-45"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security@qnapsecurity.com.tw", "type": "Primary"}]}