QNAP QTS: CVE-2025-30264: Multiple Vulnerabilities in QTS and QuTS hero

Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: Aug 29, 2025
Added: Sep 4, 2025
Modified: Oct 16, 2025

Description

Multiple vulnerabilities have been reported to affect certain QNAP operating system versions:

CVE-2025-29882: If a remote attacker gains access to a user account, they can then exploit the NULL pointer dereference vulnerability to launch a denial-of-service (DoS) attack.

CVE-2025-30264: If a remote attacker gains access to a user account, they can then exploit the command injection vulnerability to execute arbitrary commands.

CVE-2025-30265: If a remote attacker gains access to a user account, they can then exploit the buffer overflow vulnerability to modify memory or crash processes.

CVE-2025-30267, CVE-2025-30268, CVE-2025-30272, CVE-2025-30274: If a remote attacker gains access to a user account, they can then exploit the NULL pointer dereference vulnerabilities to launch a denial-of-service (DoS) attack.

CVE-2025-30270, CVE-2025-30271, CVE-2025-33032: If a remote attacker gains access to a user account, they can then exploit the path traversal vulnerabilities to read the contents of unexpected files or system data.

CVE-2025-30273: If a remote attacker gains access to a user account, they can then exploit the out-of-bounds write vulnerability to modify or corrupt memory.

We have already fixed the vulnerabilities in the following versions:

Solution

qnap-qts-upgrade-latest