CVE-2025-62850
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabi...
Affects 0 products across 1 vendor.
Software attempts to use a NULL pointer, causing a crash and denial of service.
CVE-2025-62850 affects multiple QNAP QuTS hero NAS operating system versions, allowing a remote attacker who has already obtained administrator credentials to trigger a NULL pointer dereference, resulting in a denial-of-service condition. In OT environments, QNAP NAS devices are commonly used as historian data stores, backup targets, and file servers supporting SCADA and ICS operations; a DoS against these systems could disrupt data logging, recipe storage, or operational backups. While exploitation requires prior administrator-level access, the availability impact in industrial environments elevates the effective risk.
Is this CVE in your environment?
BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.
Check My Environment →What is CVE-2025-62850?
Is CVE-2025-62850 actively exploited?
How do I remediate CVE-2025-62850?
What systems are affected by CVE-2025-62850?
| CVE ID | CVE-2025-62850 |
|---|---|
| Published | 2026-06-10 |
| Last Modified | 2026-06-10 |
| ICS Relevance | 55% |
| Weakness (CWE) | |
| Source | NVD |
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later
Source: NIST NVD / MITRE CVE Database
| Vendor | Product | Fixed Version |
|---|---|---|
| Qnap | — | — |
Fixed Version: QuTS hero h5.2.9.3410 build 20260214, h5.3.4.3500 build 20260520, h6.0.0.3459 build 20260409
QNAP resolved the NULL pointer dereference vulnerability across three QuTS hero version branches by issuing updated builds that prevent a remotely authenticated administrator from triggering a denial-of-service condition; all three patched builds were released between February and May 2026.
View Vendor Advisory →| CISA KEV | Not in KEV catalog |
|---|---|
| Public Exploit | Not confirmed |
| PoC Code | Not confirmed |
Deploy IPS rules at the network perimeter and OT DMZ firewall to detect and rate-limit repeated authenticated POST requests to QNAP management web interfaces (ports 8080 and 443). Block all inbound access to QNAP admin interfaces from untrusted networks at the firewall level. Internally, restrict access to QNAP management ports to only authorized administrator workstations via ACL.
No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.
Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.
ICS/OT Vulnerability Intelligence for Your Environment
BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.
Join free →