CVE-2025-52864
Published: 02 January 2026
Summary
CVE-2025-52864 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Qnap Quts Hero. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 40.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the buffer overflow vulnerability by requiring timely application of vendor patches to affected QNAP OS versions.
Provides memory protections like address space layout randomization and data execution prevention to block exploitation of buffer overflows causing memory modification or process crashes.
Enforces input validation and bounds checking to prevent buffer overflows from attacker-supplied data in remote user requests.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow enables remote exploitation of a service (T1210) to crash processes for endpoint DoS via application/system exploitation (T1499.004) or modify memory for runtime data manipulation (T1565.003).
NVD Description
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability…
more
in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later
Deeper analysisAI
CVE-2025-52864 is a buffer overflow vulnerability (CWE-120) affecting several versions of QNAP's QTS and QuTS hero operating systems. Published on 2026-01-02, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to its potential for significant integrity and availability impacts without requiring user interaction.
A remote attacker who has gained a user account on an affected system can exploit the vulnerability over the network with low complexity. Successful exploitation allows the attacker to modify memory or crash processes, enabling denial-of-service conditions or unauthorized data manipulation.
QNAP has fixed the vulnerability in QTS 5.2.7.3256 build 20250913 and later, QuTS hero h5.2.7.3256 build 20250913 and later, and QuTS hero h5.3.0.3192 build 20250716 and later. Additional details are available in the vendor's security advisory at https://www.qnap.com/en/security-advisory/qsa-25-50.
Details
- CWE(s)