What is CVE-2025-54164?

CVE-2025-54164 is a publicly disclosed cybersecurity vulnerability with a MEDIUM severity rating and CVSS score of 4.6.

How to search for CVE vulnerabilities?

You can search the 4nuxd CVE database using CVE IDs, vendor names, product names, or severity levels.

CVE-2025-54164

MEDIUM4.6/ 10.0

Published: January 2, 2026 at 03:16 PM

Modified: January 5, 2026 at 08:09 PM

Source: security@qnapsecurity.com.tw

Vulnerability Description

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

CVSS Metrics

Base Score

4.6

Severity

MEDIUM

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses (CWE)

CWE-125

Source: security@qnapsecurity.com.tw

AI Security Analysis

01 // Technical Summary

QNAP NAS devices are vulnerable to an out-of-bounds read vulnerability, allowing attackers with administrator privileges to steal sensitive data. This flaw could lead to data breaches and compromise the confidentiality of stored information. Organizations using affected QNAP devices should immediately update to the patched versions.

02 // Vulnerability Mechanism

Step 1: Administrator Account Compromise: The attacker must first gain administrator-level access to the QNAP device. This could be achieved through various means, such as brute-forcing weak passwords, exploiting other vulnerabilities, or social engineering. Step 2: Triggering the Vulnerability: Once administrator access is obtained, the attacker crafts a malicious request or input designed to trigger the out-of-bounds read. The specific input will depend on the vulnerable component and how it handles data access. Step 3: Out-of-Bounds Read: The crafted input causes the vulnerable code to read data from memory locations outside the intended boundaries. This data may contain sensitive information. Step 4: Data Exfiltration: The attacker extracts the leaked data, which could include credentials, configuration files, or other sensitive information, depending on the memory contents.

03 // Deep Technical Analysis

The vulnerability stems from an out-of-bounds read within a QNAP operating system component. The root cause likely involves improper bounds checking when accessing a data structure, such as an array or buffer. When an attacker-controlled input is processed, the system attempts to read data from a memory location outside the allocated boundaries. This allows an attacker to read sensitive information stored in adjacent memory locations, potentially including user credentials, encryption keys, or other confidential data. The lack of robust input validation and boundary checks is the core technical flaw.