{"id":9650,"date":"2026-01-05T10:03:57","date_gmt":"2026-01-05T10:03:57","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/01\/05\/multiple-vulnerabilities-in-qnap-tools-let-attackers-obtain-secret-data\/"},"modified":"2026-01-05T10:03:57","modified_gmt":"2026-01-05T10:03:57","slug":"multiple-vulnerabilities-in-qnap-tools-let-attackers-obtain-secret-data","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/01\/05\/multiple-vulnerabilities-in-qnap-tools-let-attackers-obtain-secret-data\/","title":{"rendered":"Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data"},"content":{"rendered":"

Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

QNAP has patched multiple security vulnerabilities in its\u00a0License Center\u00a0application that could allow attackers to\u00a0access sensitive information\u00a0or\u00a0disrupt services\u00a0on affected NAS devices.<\/p>\n

The issues, tracked as\u00a0CVE-2025-52871\u00a0and\u00a0CVE-2025-53597, were disclosed on\u00a0January 3, 2026.<\/p>\n

QNAP rated the flaws as\u00a0Moderate\u00a0severity and confirmed that the issues have been resolved in the latest releases. The vulnerabilities affect\u00a0License Center 2.0.x, a component used to manage licensing on QNAP systems<\/a>.<\/p>\n

While the bugs are not described as unauthenticated remote exploits, QNAP notes that an attacker would first need access to a valid account.<\/p>\n

Which makes\u00a0credential theft<\/a>,\u00a0weak passwords, or\u00a0exposed admin portals\u00a0key risk factors.<\/p>\n

Overview of the Security Flaws<\/strong><\/h2>\n

CVE-2025-52871\u00a0is an\u00a0out-of-bounds<\/a> read\u00a0vulnerability. According to QNAP, if a remote attacker gains access to a\u00a0user account, they may exploit the flaw to\u00a0obtain secret data.<\/p>\n

\n\n\n\n\n\n\n
CVE ID<\/th>\nVulnerability Type<\/th>\nAffected Product<\/th>\nImpact<\/th>\n<\/tr>\n<\/thead>\n
CVE-2025-52871<\/strong><\/td>\nOut-of-bounds Read<\/td>\nLicense Center 2.0.x<\/td>\nA remote attacker with admin account can modify memory or crash processes<\/td>\n<\/tr>\n
CVE-2025-53597<\/strong><\/td>\nBuffer Overflow<\/td>\nLicense Center 2.0.x<\/td>\nA remote attacker with an admin account can modify memory or crash processes<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Out-of-bounds read issues typically allow unintended memory disclosure, which can expose tokens<\/a>, keys, or other sensitive values depending on what is stored in memory during execution.<\/p>\n

CVE-2025-53597\u00a0is a\u00a0buffer overflow<\/a>\u00a0vulnerability. QNAP states that if a remote attacker gains access to an\u00a0administrator account.<\/p>\n

They could exploit it to\u00a0modify memory or crash processes, potentially causing instability or\u00a0denial-of-service<\/a>\u00a0<\/span>on affected systems. QNAP has fixed the vulnerabilities in\u00a0License Center 2.0.36 and later.<\/p>\n

Organizations and home users running\u00a0License Center 2.0.x\u00a0should update immediately, especially if the NAS is reachable from the internet or shared across many users.<\/p>\n

Access the QTS or QuTS hero management interface and authenticate with administrator privileges<\/a>. Navigate to App Center from the system menu.<\/p>\n

In App Center, use the search function to locate License Center. Select the application and click Update. Confirm the update when prompted to complete the process. QNAP credited\u00a0Coral\u00a0for reporting<\/a> the issues.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Abinaya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data QNAP has patched multiple security vulnerabilities in its\u00a0License Center\u00a0application that could allow attackers to\u00a0access sensitive information\u00a0or\u00a0disrupt services\u00a0on affected NAS devices. The issues, tracked as\u00a0CVE-2025-52871\u00a0and\u00a0CVE-2025-53597, were disclosed on\u00a0January 3, 2026. QNAP rated the flaws as\u00a0Moderate\u00a0severity and confirmed that the issues have been resolved in the latest […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,648],"tags":[130],"class_list":["post-9650","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9650"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9650"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9650\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}