CVE-2025-52871

Published Jan 2, 2026

Last updated 5 months ago

CVSS low 1.3

Overview

Description
An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: License Center 2.0.36 and later
Source
security@qnapsecurity.com.tw
NVD status
Analyzed
Products
license_center

Risk scores

CVSS 4.0

Type
Secondary
Base score
1.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
LOW

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

security@qnapsecurity.com.tw
CWE-125

Social media

Hype score
Not currently trending

  1. 🚨 ثغرات متعددة في QNAP تُمكّن المهاجمين من الوصول لبيانات سرية 🛡️ رصد ثغرات CVE-2025-52871 و CVE-2025-53597 في License Center، تسمح بالوصول لبيانات حساسة أو تعطيل الخدمات عن

    @MisbarSec

    5 Jan 2026

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 QNAP Patches License Center Flaws That Could Leak Secrets or Crash NAS Services QNAP fixed two vulnerabilities in its License Center (2.0.x) that could allow an attacker with a valid account to read sensitive memory data (CVE-2025-52871) or trigger a buffer overflow leading

    @ThreatSynop

    5 Jan 2026

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-52871 & CVE-2025-53597: Inside the Critical Memory Flaws Threatening QNAP Networks Read the full report on - https://t.co/ugwPTkDeRz https://t.co/q00yQ91ZM0

    @cyberbivash

    5 Jan 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-52871 An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to … https://t.co/1wc36Y8H8T

    @CVEnew

    2 Jan 2026

    115 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: License Center 1.9.56 and laterCVE-2025-62851
  2. A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: License Center 2.0.36 and laterCVE-2025-53597
  3. A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: License Center 1.8.51 and later License Center 1.9.51 and laterCVE-2025-22483

References

Sources include official advisories and independent security research.