CVE-2025-58466

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways.

We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later

Published: Feb 11, 2026
Updated: Feb 13, 2026
CVE: CVE-2025-58466
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-457

Affected Software
References

Software	From	Fixed in
qnap / qts	5.2.0.2737-build_20240417	5.2.0.2737-build_20240417.x
qnap / qts	5.2.0.2744-build_20240424	5.2.0.2744-build_20240424.x
qnap / qts	5.2.0.2782-build_20240601	5.2.0.2782-build_20240601.x
qnap / qts	5.2.0.2802-build_20240620	5.2.0.2802-build_20240620.x
qnap / qts	5.2.0.2823-build_20240711	5.2.0.2823-build_20240711.x
qnap / qts	5.2.0.2851-build_20240808	5.2.0.2851-build_20240808.x
qnap / qts	5.2.0.2860-build_20240817	5.2.0.2860-build_20240817.x
qnap / qts	5.2.1.2930-build_20241025	5.2.1.2930-build_20241025.x
qnap / qts	5.2.2.2950-build_20241114	5.2.2.2950-build_20241114.x
qnap / qts	5.2.3.3006-build_20250108	5.2.3.3006-build_20250108.x
qnap / qts	5.2.4.3070-build_20250312	5.2.4.3070-build_20250312.x
qnap / qts	5.2.4.3079-build_20250321	5.2.4.3079-build_20250321.x
qnap / qts	5.2.4.3092-build_20250403	5.2.4.3092-build_20250403.x
qnap / qts	5.2.5.3145-build_20250526	5.2.5.3145-build_20250526.x
qnap / qts	5.2.6.3195-build_20250715	5.2.6.3195-build_20250715.x
qnap / qts	5.2.6.3229-build_20250818	5.2.6.3229-build_20250818.x
qnap / qts	5.2.7.3256-build_20250913	5.2.7.3256-build_20250913.x
qnap / qts	5.2.7.3297-build_20251024	5.2.7.3297-build_20251024.x
qnap / qts	5.2.8.3332-build_20251128	5.2.8.3332-build_20251128.x
qnap / quts_hero	h5.2.0.2737-build_20240417	h5.2.0.2737-build_20240417.x
qnap / quts_hero	h5.2.0.2782-build_20240601	h5.2.0.2782-build_20240601.x
qnap / quts_hero	h5.2.0.2789-build_20240607	h5.2.0.2789-build_20240607.x
qnap / quts_hero	h5.2.0.2802-build_20240620	h5.2.0.2802-build_20240620.x
qnap / quts_hero	h5.2.0.2823-build_20240711	h5.2.0.2823-build_20240711.x
qnap / quts_hero	h5.2.0.2851-build_20240808	h5.2.0.2851-build_20240808.x
qnap / quts_hero	h5.2.0.2860-build_20240817	h5.2.0.2860-build_20240817.x
qnap / quts_hero	h5.2.1.2929-build_20241025	h5.2.1.2929-build_20241025.x
qnap / quts_hero	h5.2.1.2940-build_20241105	h5.2.1.2940-build_20241105.x
qnap / quts_hero	h5.2.2.2952-build_20241116	h5.2.2.2952-build_20241116.x
qnap / quts_hero	h5.2.3.3006-build_20250108	h5.2.3.3006-build_20250108.x
qnap / quts_hero	h5.2.4.3070-build_20250312	h5.2.4.3070-build_20250312.x
qnap / quts_hero	h5.2.4.3079-build_20250321	h5.2.4.3079-build_20250321.x
qnap / quts_hero	h5.2.5.3138-build_20250519	h5.2.5.3138-build_20250519.x
qnap / quts_hero	h5.2.6.3195-build_20250715	h5.2.6.3195-build_20250715.x
qnap / quts_hero	h5.2.7.3256-build_20250913	h5.2.7.3256-build_20250913.x
qnap / quts_hero	h5.2.7.3297-build_20251024	h5.2.7.3297-build_20251024.x
qnap / quts_hero	h5.2.8.3321-build_20251117	h5.2.8.3321-build_20251117.x

https://www.qnap.com/en/security-advisory/qsa-26-05

Vulnerability Database

324,293

CVE-2025-58466

Deep Security Visibility Without the Complexity