CVE-2025-66280

N/A

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vu...

Affects 0 products across 1 vendor.

CVSS v45.1
EPSS0.4%
Percentile35th
PatchUnknown
CWE Weakness Definitions
CWE-121: Stack-Based Buffer Overflow

Buffer overflow corrupting the program stack, typically overwriting the return address for code execution.

CWE-190: Integer Overflow or Wraparound

Arithmetic operation exceeds the maximum integer value, wrapping around and often leading to undersized allocations.

◆ SAGE Intelligence — CITED Relevance Research Team

QNAP network-attached storage (NAS) devices running QTS and QuTS hero operating systems are affected by an integer overflow vulnerability that can be exploited by an attacker who has already obtained administrator-level access. Successful exploitation allows the attacker to further compromise system integrity, potentially enabling full system takeover, data exfiltration, or use of the NAS as a pivot point into OT network segments. In OT environments where QNAP NAS devices are commonly used for historian data storage, backups, or engineering file repositories, this vulnerability poses a meaningful risk to operational data confidentiality and availability.

Is this CVE in your environment?

BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.

Check My Environment →
Frequently Asked Questions
What is CVE-2025-66280?
QNAP network-attached storage (NAS) devices running QTS and QuTS hero operating systems are affected by an integer overflow vulnerability that can be exploited by an attacker who has already obtained administrator-level access. Successful exploitation allows the attacker to further compromise system integrity, potentially enabling full system takeover, data exfiltration, or use of the NAS as a pivot point into OT network segments. In OT environments where QNAP NAS devices are commonly used for h
Is CVE-2025-66280 actively exploited?
No confirmed active exploitation of CVE-2025-66280 as of 2026-06-24.
How do I remediate CVE-2025-66280?
Update to QTS 5.2.9.3410 build 20260214; QuTS hero h5.2.9.3410 build 20260214; QuTS hero h5.3.4.3500 build 20260520; QuTS hero h6.0.0.3397 build 20260206 or later. Vendor-released firmware updates for QTS and QuTS hero that remediate an integer overflow or wraparound condition exploitable by authenticated administrator-level remote attackers. Updates apply across multiple active firmware branches to ensure broad coverage of deployed device versions. Advisory: https://www.qnap.com/en/security-advisory/qsa-25-18
What systems are affected by CVE-2025-66280?
CVE-2025-66280 affects: Qnap.
Vulnerability Details
CVE IDCVE-2025-66280
Published2026-06-10
Last Modified2026-06-10
ICS Relevance70%
Weakness (CWE)
SourceNVD
Official Description

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later

Source: NIST NVD / MITRE CVE Database

Affected Products
VendorProductFixed Version
Qnap —
Remediation

Fixed Version: QTS 5.2.9.3410 build 20260214; QuTS hero h5.2.9.3410 build 20260214; QuTS hero h5.3.4.3500 build 20260520; QuTS hero h6.0.0.3397 build 20260206

Vendor-released firmware updates for QTS and QuTS hero that remediate an integer overflow or wraparound condition exploitable by authenticated administrator-level remote attackers. Updates apply across multiple active firmware branches to ensure broad coverage of deployed device versions.

View Vendor Advisory →
Threat Intelligence
● Threat Intelligence Validated: July 2026 | Threat Age: 32 Days
CISA KEVNot in KEV catalog
Public ExploitNot confirmed
PoC CodeNot confirmed
● Virtual Patch — CITED Relevance SAGE Engine LOW CONFIDENCE

Deploy rules on perimeter and OT DMZ firewalls/IDS to monitor and alert on high-frequency POST requests targeting QNAP management CGI endpoints from external or untrusted network segments. Block all inbound connections to QNAP management ports (8080, 443, 22) from any source outside the designated management VLAN. Enforce allowlisting of administrator source IPs at the network boundary. These rules should be deployed on the firewall or IDS sitting between the IT/internet zone and the OT/NAS segment.

No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.

Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.

Related CVEs affecting Qnap
CVE-2017-7876 10.0 This command injection vulnerability in QTS allows attackers to run arbitrary... CVE-2024-32766 10.0 An OS command injection vulnerability has been reported to affect several QNA... CVE-2024-32764 9.9 A missing authentication for critical function vulnerability has been reporte... CVE-2017-17033 9.8 A buffer overflow vulnerability in password function in QNAP QTS version 4.2.... CVE-2017-17028 9.8 A buffer overflow vulnerability in external device function in QNAP QTS versi...
View all Qnap CVEs →

ICS/OT Vulnerability Intelligence for Your Environment

BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.

Join free →