PatchSiren cyber security CVE debrief
CVE-2025-62850 QNAP Systems Inc. CVE debrief
CVE-2025-62850 is a NULL pointer dereference vulnerability affecting several QNAP operating system versions. A remote attacker with administrator privileges can exploit this vulnerability to launch a denial-of-service (DoS) attack. The vulnerability has been fixed in QuTS hero h5.2.9.3410 build 20260214 and later, QuTS hero h5.3.4.3500 build 20260520 and later, and QuTS hero h6.0.0.3459 build 20260409 and later.
- Vendor
- QNAP Systems Inc.
- Product
- QuTS hero
- CVSS
- MEDIUM 5.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-10
Who should care
Administrators of QNAP operating systems should apply the necessary patches to prevent exploitation of this vulnerability.
Technical summary
The vulnerability has a CVSS score of 5.1 and is classified as MEDIUM severity. It can be exploited by a remote attacker with high privileges, and it requires no user interaction.
Defensive priority
High
Recommended defensive actions
- Apply the patches provided by QNAP: QuTS hero h5.2.9.3410 build 20260214 and later, QuTS hero h5.3.4.3500 build 20260520 and later, and QuTS hero h6.0.0.3459 build 20260409 and later.
- Restrict access to administrator accounts to prevent exploitation.
Evidence notes
The vulnerability was reported to affect several QNAP operating system versions.
Official resources
-
CVE-2025-62850 CVE record
CVE.org
-
CVE-2025-62850 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-62850 was published on 2026-06-10T04:17:07.620Z and modified on 2026-06-10T19:43:28.857Z.