NULL Pointer Dereference Vulnerability in QNAP Operating Systems
CVE-2025-52428

5.1MEDIUM

Key Information:

Vendor

QNAP
Status
Qts
Vendor
CVE Published:
3 October 2025

What is CVE-2025-52428?

A NULL pointer dereference vulnerability has been discovered in various versions of the QNAP operating system. This security flaw allows an attacker with administrator access to trigger a denial-of-service (DoS) condition, which can disrupt service for legitimate users. QNAP has addressed this issue in versions QTS 5.2.6.3195 build 20250715 and later, ensuring enhanced security for users.

Affected Version(s)

QTS 5.2.x < 5.2.6.3195 build 20250715

References

https://www.qnap.com/en/security-advisory/qsa-25-36

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

coral
JSON
.
CVE-2025-52428 : NULL Pointer Dereference Vulnerability in QNAP Operating Systems