CyberSecurity News

Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret

QNAP has patched Multiple Vulnerabilities within its License Center application, flaws that could enable attackers to access sensitive information or disrupt services on affected NAS devices. The...

Marcus Rodriguez
Marcus Rodriguez
January 5, 2026 2 Min Read
10 0

QNAP has patched Multiple Vulnerabilities within its License Center application, flaws that could enable attackers to access sensitive information or disrupt services on affected NAS devices.

The issues, tracked as CVE-2025-52871 and CVE-2025-53597, were disclosed on January 3, 2026.

QNAP rated the flaws as Moderate severity and confirmed that the issues have been resolved in the latest releases. The Vulnerabilities in QNAP systems.

While the bugs are not described as unauthenticated remote exploits, QNAP notes that an attacker would first need access to a valid account.

Which makes credential theft, weak passwords, or exposed admin portals key risk factors.

Overview of the Security Flaws

CVE-2025-52871 is an out-of-bounds read vulnerability. According to QNAP, if a remote attacker gains access to a user account, they may exploit the flaw to obtain secret data.

CVE ID Vulnerability Type Affected Product Impact
CVE-2025-52871 Out-of-bounds Read License Center 2.0.x A remote attacker with admin account can modify memory or crash processes
CVE-2025-53597 Buffer Overflow License Center 2.0.x A remote attacker with an admin account can modify memory or crash processes

Out-of-bounds read issues typically allow unintended memory disclosure, which can expose tokens, keys, or other sensitive values depending on what is stored in memory during execution.

CVE-2025-53597 is a buffer overflow vulnerability. QNAP states that if a remote attacker gains access to an administrator account.

They could exploit it to modify memory or crash processes, potentially causing instability or denial-of-service on affected systems. QNAP has fixed the vulnerabilities in License Center 2.0.36 and later.

Organizations and home users running License Center 2.0.x should update immediately, especially if the NAS is reachable from the internet or shared across many users.

Access the QTS or QuTS hero management interface and authenticate with administrator privileges. Navigate to App Center from the system menu.

In App Center, use the search function to locate License Center. Select the application and click Update. Confirm the update when prompted to complete the process. QNAP credited Coral for reporting the issues.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityVulnerability

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

No Comment! Be the first one.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts