CVE-2025-22482

Low CVSS: 2.3

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory.

We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.6 ( 2025/03/20 ) and later

Vendor

Qnap

Product

Qsync Central

CWE

CWE-134

Yayın Tarihi

2025-06-06 16:15:24

Güncelleme

2025-09-20 03:33:58

Source Identifier

security@qnapsecurity.com.tw

KEV Date Added

Kategoriler

CWE-134 Qsync Central LOW Qnap 2025

Referanslar

https://www.qnap.com/en/security-advisory/qsa-25-10

Benzer Kayıtlar

High

CVE-2026-22897

A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vul…

Medium

CVE-2026-22900

A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exp…

Medium

CVE-2026-22901

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, th…

Medium

CVE-2026-22902

A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator ac…

Medium

CVE-2025-59388

A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can th…

Low

CVE-2024-14025

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who…