An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.

We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Advisories
Source ID Title
EUVD EUVD EUVD-2025-32321 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Fixes

Solution

We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later


Workaround

No workaround given by the vendor.

History

Wed, 08 Oct 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:qnap:qsync_central:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Mon, 06 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Qnap
Qnap qsync
Qnap qsync Central
Vendors & Products Qnap
Qnap qsync
Qnap qsync Central

Fri, 03 Oct 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Description An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Title Qsync Central
Weaknesses CWE-770
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2025-10-03T18:40:35.142Z

Reserved: 2025-04-21T07:56:46.493Z

Link: CVE-2025-44007

cve-icon Vulnrichment

Updated: 2025-10-03T18:40:27.293Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-03T18:15:35.383

Modified: 2025-10-08T15:18:41.437

Link: CVE-2025-44007

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-06T14:42:44Z