The issues, tracked as CVE-2025-52871 and CVE-2025-53597, were disclosed on January 3, 2026.
QNAP rated the flaws as Moderate severity and confirmed that the issues have been resolved in the latest releases. The vulnerabilities affect License Center 2.0.x, a component used to manage licensing on QNAP systems.
While the bugs are not described as unauthenticated remote exploits, QNAP notes that an attacker would first need access to a valid account.
Which makes credential theft, weak passwords, or exposed admin portals key risk factors.
CVE-2025-52871 is an out-of-bounds read vulnerability. According to QNAP, if a remote attacker gains access to a user account, they may exploit the flaw to obtain secret data.
| CVE ID | Vulnerability Type | Affected Product | Impact |
|---|---|---|---|
| CVE-2025-52871 | Out-of-bounds Read | License Center 2.0.x | A remote attacker with admin account can modify memory or crash processes |
| CVE-2025-53597 | Buffer Overflow | License Center 2.0.x | A remote attacker with an admin account can modify memory or crash processes |
Out-of-bounds read issues typically allow unintended memory disclosure, which can expose tokens, keys, or other sensitive values depending on what is stored in memory during execution.
CVE-2025-53597 is a buffer overflow vulnerability. QNAP states that if a remote attacker gains access to an administrator account.
They could exploit it to modify memory or crash processes, potentially causing instability or denial-of-service on affected systems. QNAP has fixed the vulnerabilities in License Center 2.0.36 and later.
Organizations and home users running License Center 2.0.x should update immediately, especially if the NAS is reachable from the internet or shared across many users.
Access the QTS or QuTS hero management interface and authenticate with administrator privileges. Navigate to App Center from the system menu.
In App Center, use the search function to locate License Center. Select the application and click Update. Confirm the update when prompted to complete the process. QNAP credited Coral for reporting the issues.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data appeared first on Cyber Security News.
PORTLAND, Maine (AP) — Maine’s Democratic governor on Friday vetoed what would have been the…
PORTLAND, Maine (AP) — Maine’s Democratic governor on Friday vetoed what would have been the…
Federal agents draw their guns out after an incident at the annual White House Correspondents…
Sony Pictures and Amazon’s Prime Video have published an official trailer for their Spider-Noir show,…
Star Trek: Strange New Worlds Season 4 will premiere on Paramount+ on Thursday, July 23,…
Vivienne Medrano’s adult animation hit, Hazbin Hotel, will come to an end with Season 5,…
This website uses cookies.