Buffer Overflow in QNAP OS (pre-5.2.9.3410, pre-5.3.4.3500, pre-6.0.0.3397)
CVE-2025-62858 Published on June 9, 2026
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later
Weakness Type
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2025-62858 has been classified to as a Stack Overflow vulnerability or weakness.
Products Associated with CVE-2025-62858
stack.watch emails you whenever new vulnerabilities are published in QNAP Qts or QNAP Quts Hero. Just hit a watch button to start following.
Affected Versions
QNAP Systems Inc. QTS:- Version 5.2.0 and below 5.2.9.3410 build 20260214 is affected.
- Version h5.2.0 and below h5.2.9.3410 build 20260214 is affected.
- Version h5.3.0 and below h5.3.4.3500 build 20260520 is affected.
- Version ? and below h6.0.0.3397 build 20260206 is affected.