QNAP QTS/QuTS Integer Overflow (Admin) CVE-2025-66280 Fixed v5.2.9.3410+
CVE-2025-66280 Published on June 10, 2026
QTS, QuTS hero
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later
Weakness Types
Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2025-66280 has been classified to as a Stack Overflow vulnerability or weakness.
Products Associated with CVE-2025-66280
stack.watch emails you whenever new vulnerabilities are published in QNAP Qts or QNAP Quts Hero. Just hit a watch button to start following.
Affected Versions
QNAP Systems Inc. QTS:- Version 5.2.0 and below 5.2.9.3410 build 20260214 is affected.
- Version h5.2.0 and below h5.2.9.3410 build 20260214 is affected.
- Version h5.3.0 and below h5.3.4.3500 build 20260520 is affected.
- Version ? and below h6.0.0.3397 build 20260206 is affected.