Cyber Resilience

CVE-2025-58466

Low

Published: 11 February 2026

Published
11 February 2026
Modified
12 February 2026
KEV Added
Patch
CVSS Score v4 1.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 34.9th percentile
Risk Priority 2 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-58466 is a low-severity Use of Uninitialized Variable (CWE-457) vulnerability in Qnap Qts. Its CVSS base score is 1.2 (Low).

Operationally, ranked at the 34.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in…

more

unexpected ways. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

qnap
qts
5.2.0.2737, 5.2.0.2744, 5.2.0.2782, 5.2.0.2802, 5.2.0.2823
qnap
quts hero
h5.2.0.2737, h5.2.0.2782, h5.2.0.2789, h5.2.0.2802, h5.2.0.2823

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References