Cyber Posture

CVE-2025-59383

Critical

Published: 20 March 2026
Modified: 14 April 2026
KEV Added:
Patch:
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0014 (33.4th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. Remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later.

Mitigating Controls (NIST 800-53 r5) [AI]

prevent, recover

Requires timely identification, reporting, and patching of software flaws like this buffer overflow vulnerability, directly mitigating exploitation by updating to the fixed Media Streaming Add-on version 500.1.1.

prevent

Implements memory protection mechanisms such as ASLR and DEP to prevent unauthorized code execution and memory modification from buffer overflow exploits.

prevent

Enforces validation of network inputs to detect and reject oversized or malformed data that could trigger the buffer overflow in the Media Streaming Add-on.

Security Summary [AI]

CVE-2025-59383 is a buffer overflow vulnerability (CWE-121) affecting the Media Streaming Add-On software component. Published on 2026-03-20, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating network accessibility, low attack complexity, no required privileges or user interaction, and unchanged scope with high impacts to integrity and availability but no confidentiality impact.

Remote, unauthenticated attackers can exploit this vulnerability over the network to modify memory or crash processes, potentially leading to denial-of-service conditions or unauthorized data manipulation within the affected component.

QNAP's security advisory (QSA-26-09) states that the vulnerability has been fixed in Media Streaming Add-on version 500.1.1 and later; users should update to a patched version for mitigation. Full details are available at https://www.qnap.com/en/security-advisory/qsa-26-09.

Details

CWE(s): CWE-121 (Stack-based Buffer Overflow)

Affected Products: qnap media streaming add-on ≤ 500.1.1.0

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Buffer overflow in network-accessible Media Streaming Add-On enables unauthenticated remote exploitation of a public-facing application (T1190) for process crashes (DoS via application exploitation, T1499.004) and memory modification (data manipulation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References