CVE-2025-47205 Qnap — Exploit & Vulnerability Details MEDIUM

CVE-2025-47205

MEDIUM CVSS 4.0: 5.1 EPSS 0.13%

Parameter	Value
CVSS	5.1 (MEDIUM)
Type	CWE-476 (NULL Pointer Dereference)
Vendor	Qnap
Public PoC	No

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

Low

Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-476 NULL Pointer Dereference

References 1

https://www.qnap.com/en/security-advisory/qsa-26-05

security@qnapsecurity.com.tw

Share Post Share Share Share

Related Vulnerabilities

CVE-2024-14026

Qnap

2.0

Menu

CVE-2025-47205

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2024-14026

CVE Details

Editor's Choice

Menu

CVE-2025-47205

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2024-14026

CVE Details

Editor's Choice

Stay informed on cybersecurity