216.73.217.139

CVE-2025-66281

· Published 10/06/2026 04:17 · Modified 10/06/2026 19:43

Labels: CVE-2025-66281 2026-06-10CVE-2025-66281CWE-476[email protected]

Essential information

Published
10/06/2026 04:17
Modified
10/06/2026 19:43
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
qnap / qts cpe:2.3:o:qnap:qts:5.2.9.3410:*:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.2.9.3410:*:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h5.3.4.3500:*:*:*:*:*:*:*
qnap / quts hero cpe:2.3:o:qnap:quts_hero:h6.0.0.3397:*:*:*:*:*:*:*

References