CVE-2025-62858 QNAP Systems Inc. CVE debrief

Who should care

Administrators of QNAP operating systems, particularly those using versions prior to QTS 5.2.9.3410, QuTS hero h5.2.9.3410, QuTS hero h5.3.4.3500, and QuTS hero h6.0.0.3397, should apply the necessary patches to prevent exploitation.

Technical summary

The CVE-2025-62858 vulnerability is a buffer overflow issue with a CVSS score of 5.1 and a medium severity rating. It can be exploited by an attacker with high privileges (PR:H) over the network (AV:N) without requiring user interaction (UI:N). The vulnerability affects multiple versions of QNAP's QTS and QuTS hero operating systems.

Defensive priority

High

Recommended defensive actions

• Apply patches: Upgrade to QTS 5.2.9.3410 build 20260214 or later, QuTS hero h5.2.9.3410 build 20260214 or later, QuTS hero h5.3.4.3500 build 20260520 or later, or QuTS hero h6.0.0.3397 build 20260206 or later.
• Restrict access: Limit administrator account access to only those who need it.
• Monitor systems: Regularly monitor QNAP systems for suspicious activity.

Evidence notes

The information provided is based on the CVE-2025-62858 record and related sources.

Official resources