- What: Multiple vulnerabilities in QNAP tools allow attackers to obtain secret data.
- Impact: Unauthorized access to sensitive information.
Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data

By Abinaya - January 5, 2026

QNAP has patched multiple security vulnerabilities in its License Center application that could allow attackers to access sensitive information or disrupt services on affected NAS devices. The issues, tracked as CVE-2025-52871 and CVE-2025-53597, were disclosed on January 3, 2026. QNAP rated the flaws as Moderate severity and confirmed that the issues have been resolved in the latest releases.

The vulnerabilities affect License Center 2.0.x, a component used to manage licensing on QNAP systems. The bugs are not described as unauthenticated remote exploits: QNAP notes that an attacker would first need access to a valid account, which makes credential theft, weak passwords, or exposed admin portals key risk factors.

Overview of the Security Flaws

CVE-2025-52871 is an out-of-bounds read vulnerability. According to QNAP, if a remote attacker gains access to a user account, they may exploit the flaw to obtain secret data.

| CVE ID | Vulnerability Type | Affected Product | Impact |
|---|---|---|---|
| CVE-2025-52871 | Out-of-bounds Read | License Center 2.0.x | A remote attacker with an admin account can modify memory or crash processes |
| CVE-2025-53597 | Buffer Overflow | License Center 2.0.x | A remote attacker with an admin account can modify memory or crash processes |

Out-of-bounds read issues typically allow unintended memory disclosure, which can expose tokens, keys, or other sensitive values depending on what is stored in memory during execution.

CVE-2025-53597 is a buffer overflow vulnerability. QNAP states that if a remote attacker gains access to an administrator account, they could exploit it to modify memory or crash processes, potentially causing instability or denial-of-service on affected systems.
QNAP has fixed the vulnerabilities in License Center 2.0.36 and later. Organizations and home users running License Center 2.0.x should update immediately, especially if the NAS is reachable from the internet or shared across many users.

- Access the QTS or QuTS hero management interface and authenticate with administrator privileges.
- Navigate to App Center from the system menu.
- In App Center, use the search function to locate License Center.
- Select the application and click Update.
- Confirm the update when prompted to complete the process.

QNAP credited Coral for reporting the issues.
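For anyone tracking more than one NAS, the fixed version above (License Center 2.0.36) can be checked across collected package inventories. The following is an added example, not code from QNAP or from this article. It assumes each host's package list was exported in the INI style of QNAP's `qpkg.conf` and that License Center appears under a `[LicenseCenter]` section; the host names and file contents are constructed.

```python
import configparser
import re

FIXED = (2, 0, 36)          # first fixed release named in the article
SECTION = "LicenseCenter"   # assumption: QPKG section name, not given in the article

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if no N.N.N prefix is present."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def classify(qpkg_conf_text):
    """Classify one host's package inventory against the 2.0.36 fix."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(qpkg_conf_text)
    except configparser.Error:
        return "unparseable"
    if not cp.has_section(SECTION):
        return "not-installed"
    ver = parse_version(cp.get(SECTION, "Version", fallback=""))
    if ver is None:
        return "unknown-version"
    if ver[:2] != (2, 0):
        return "outside-2.0.x"   # the article only names the 2.0.x branch
    # Tuple comparison is numeric; a string comparison would rank "2.0.4" above "2.0.36".
    return "patched" if ver >= FIXED else "vulnerable"

# Constructed sample inventories (hypothetical hosts and contents).
INVENTORY = {
    "nas-01": "[LicenseCenter]\nName = LicenseCenter\nVersion = 2.0.35\nEnable = TRUE\n",
    "nas-02": "[LicenseCenter]\nVersion = 2.0.36\n",
    "nas-03": "[LicenseCenter]\nVersion = 2.0.4\n",
    "nas-04": "[ExampleApp]\nVersion = 1.2.3\n",
    "nas-05": "[LicenseCenter]\nVersion =\n",
}

def audit(inventory):
    """Map each host name to its classification."""
    return {host: classify(text) for host, text in inventory.items()}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `vulnerable` or `unknown-version` are the ones to update through App Center first, starting with any that are reachable from the internet.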