We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-32320 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later |
Solution
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-25-34 |
|
Tue, 07 Oct 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:qnap:qsync_central:*:*:*:*:*:*:*:* | |
| Metrics |
cvssV3_1
|
Mon, 06 Oct 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Qnap
Qnap qsync Qnap qsync Central |
|
| Vendors & Products |
Qnap
Qnap qsync Qnap qsync Central |
Fri, 03 Oct 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 03 Oct 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |
| Title | Qsync Central | |
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: qnap
Published:
Updated: 2025-10-03T18:39:08.950Z
Reserved: 2025-04-15T15:14:26.907Z
Link: CVE-2025-33040
Updated: 2025-10-03T18:39:04.027Z
Status : Analyzed
Published: 2025-10-03T18:15:35.067
Modified: 2025-10-07T15:00:12.290
Link: CVE-2025-33040
No data.
OpenCVE Enrichment
Updated: 2025-10-06T14:42:42Z
EUVD