QNAP QTS: CVE-2025-52864: Multiple Vulnerabilities in QTS and QuTS hero
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:S/C:N/I:C/A:C) | Jan 3, 2026 | Jan 15, 2026 | Jan 15, 2026 |
Description
Multiple vulnerabilities have been reported to affect several QNAP operating system versions:

CVE-2025-44013, CVE-2025-52426, CVE-2025-52430, CVE-2025-52431, CVE-2025-53405, CVE-2025-53414, CVE-2025-53589, CVE-2025-53590, CVE-2025-53592, CVE-2025-53596: NULL pointer dereference vulnerabilities. If a remote attacker gains access to an administrator account, they can then exploit the vulnerabilities to launch a denial-of-service (DoS) attack.

CVE-2025-52863, CVE-2025-52864, CVE-2025-52872, CVE-2025-53593: Buffer overflow vulnerabilities. If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to modify memory or crash processes.

CVE-2025-53591: Externally-controlled format string vulnerability. If a remote attacker gains access to an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.

CVE-2025-54164, CVE-2025-54165, CVE-2025-54166: Out-of-bounds read vulnerabilities. If a remote attacker gains access to an administrator account, they can then exploit the vulnerabilities to obtain secret data.

CVE-2025-47208, CVE-2025-57705: Allocation of resources without limits or throttling vulnerabilities. If a remote attacker gains access to an administrator account, they can then exploit the vulnerabilities to prevent other systems, applications, or processes from accessing the same type of resource.

We have already fixed the vulnerabilities in the following versions:
Solution
qnap-qts-upgrade-latest