What is CVE-2025-53592?

CVE-2025-53592 is a publicly disclosed cybersecurity vulnerability with a LOW severity rating and CVSS score of 1.3.

How to search for CVE vulnerabilities?

You can search the 4nuxd CVE database using CVE IDs, vendor names, product names, or severity levels.

CVE-2025-53592

LOW1.3/ 10.0

Published: January 2, 2026 at 03:16 PM

Modified: January 5, 2026 at 08:19 PM

Source: security@qnapsecurity.com.tw

Vulnerability Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

CVSS Metrics

Base Score

1.3

Severity

LOW

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses (CWE)

CWE-476

Source: security@qnapsecurity.com.tw

AI Security Analysis

01 // Technical Summary

QNAP NAS devices are vulnerable to a Denial-of-Service (DoS) attack due to a NULL pointer dereference. An attacker with a compromised user account can trigger this vulnerability, potentially rendering the device unavailable. Immediate patching is crucial to mitigate this critical security risk.

02 // Vulnerability Mechanism

Step 1: Account Compromise: An attacker gains access to a valid user account on the QNAP NAS device, potentially through credential stuffing, phishing, or exploiting another vulnerability. Step 2: Triggering the Vulnerability: The attacker, logged in with the compromised account, executes a specific action or series of actions that triggers the vulnerable code path. The exact trigger is unknown from the provided information. Step 3: NULL Pointer Dereference: The triggered code attempts to access memory through a NULL pointer. Step 4: Denial of Service: The NULL pointer dereference causes the QNAP operating system to crash, resulting in a DoS condition, making the device unavailable.

03 // Deep Technical Analysis

The vulnerability stems from a NULL pointer dereference within the QNAP operating system. The root cause likely involves a function that attempts to access memory through a pointer that has not been properly initialized or has been set to NULL. When the vulnerable code attempts to dereference this NULL pointer, the system attempts to read or write to memory address 0x0, which is an invalid memory location. This leads to a crash and subsequent DoS. The specific function or logic flaw is not detailed in the provided information, but it is triggered after a user account is compromised, indicating the vulnerable code path is likely accessible after authentication. The vulnerability's impact is a DoS, preventing legitimate users from accessing the NAS device's services.