Cyber Resilience

CVE-2025-59383

Severity: Low
Published: 20 March 2026
Modified: 14 April 2026
KEV Added: not listed
Patch: fixed in Media Streaming Add-on 500.1.1 and later
CVSS v4.0 score: 2.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0032 (23.4th percentile)
Risk priority: 15 (floored blend, peak EPSS)

Summary

CVE-2025-59383 is a low-severity Stack-based Buffer Overflow (CWE-121) vulnerability in the QNAP Media Streaming Add-On. Its CVSS base score is 2.7 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 23.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-59383 is a buffer overflow vulnerability (CWE-121) affecting the Media Streaming Add-On software component. Published on 2026-03-20, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating network accessibility, low attack complexity, no required privileges or user interaction, and unchanged scope with high impacts to integrity and availability but no confidentiality impact.

Remote, unauthenticated attackers can exploit this vulnerability over the network to modify memory or crash processes, potentially leading to denial-of-service conditions or unauthorized data manipulation within the affected component.

QNAP's security advisory (QSA-26-09) states that the vulnerability has been fixed in Media Streaming Add-on version 500.1.1 and later; users should update to a patched version for mitigation. Full details are available at https://www.qnap.com/en/security-advisory/qsa-26-09.

Vulnerability details

A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later

CWE(s): CWE-121 Stack-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Buffer overflow in network-accessible Media Streaming Add-On enables unauthenticated remote exploitation of a public-facing application (T1190) for process crashes (DoS via application exploitation, T1499.004) and memory modification (data manipulation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-56808: same product (QNAP Media Streaming Add-On)
CVE-2024-53695: same product class (NAS / storage appliance)
CVE-2025-48723: same product class (NAS / storage appliance)
CVE-2025-48724: same product class (NAS / storage appliance)
CVE-2025-48725: same product class (NAS / storage appliance)
CVE-2025-57709: same product class (NAS / storage appliance)
CVE-2024-13086: same product class (NAS / storage appliance)
CVE-2025-30276: same product class (NAS / storage appliance)
CVE-2025-29894: same product class (NAS / storage appliance)
CVE-2025-52870: same product class (NAS / storage appliance)

Affected Assets

QNAP Media Streaming Add-on, versions ≤ 500.1.1.0

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent, recover): Requires timely identification, reporting, and patching of software flaws like this buffer overflow vulnerability, directly mitigating exploitation by updating to the fixed Media Streaming Add-on version 500.1.1.

SI-16 Memory Protection (prevent): Implements memory protection mechanisms such as ASLR and DEP to prevent unauthorized code execution and memory modification from buffer overflow exploits.

SI-10 Information Input Validation (prevent): Enforces validation of network inputs to detect and reject oversized or malformed data that could trigger the buffer overflow in the Media Streaming Add-on.