A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory.

We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
Fixes

Solution

We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later


Workaround

No workaround given by the vendor.

History

Mon, 22 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Qnap
Qnap qsync Central
CPEs cpe:2.3:a:qnap:qsync_central:*:*:*:*:*:*:*:*
Vendors & Products Qnap
Qnap qsync Central
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


Fri, 06 Jun 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Jun 2025 16:00:00 +0000

Type Values Removed Values Added
Description A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
Title Qsync Central
Weaknesses CWE-134
References
Metrics cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2025-06-06T16:35:24.146Z

Reserved: 2025-01-07T06:55:33.249Z

Link: CVE-2025-22482

cve-icon Vulnrichment

Updated: 2025-06-06T16:19:16.854Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-06T16:15:24.023

Modified: 2025-09-20T03:33:58.337

Link: CVE-2025-22482

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.