QNAP QuTS hero NULL ptr DoS (pre 5.3.4/6.0)
CVE-2025-62850 Published on June 10, 2026
QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3459 build 20260409 and later
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2025-62850
Want to know whenever a new CVE is published for QNAP Quts Hero? stack.watch will email you.
Affected Versions
QNAP Systems Inc. QuTS hero:- Version h5.2.0 and below h5.2.9.3410 build 20260214 is affected.
- Version h5.3.0 and below h5.3.4.3500 build 20260520 is affected.
- Version ? and below h6.0.0.3459 build 20260409 is affected.