{"id":"CVE-2025-59386","details":"A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQuTS hero h5.3.2.3354 build 20251225 and later","modified":"2026-03-13T03:39:24.493177Z","published":"2026-02-11T13:15:57.540Z","references":[{"type":"ADVISORY","url":"https://www.qnap.com/en/security-advisory/qsa-26-08"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"h5.3.0.3115-build_20250430"}]},{"events":[{"introduced":"0"},{"last_affected":"h5.3.0.3145-build_20250530"}]},{"events":[{"introduced":"0"},{"last_affected":"h5.3.0.3192-build_20250716"}]},{"events":[{"introduced":"0"},{"last_affected":"h5.3.1.3250-build_20250912"}]},{"events":[{"introduced":"0"},{"last_affected":"h5.3.1.3292-build_20251024"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59386.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}