CVE-2025-22482Use of Externally-Controlled Format String in Systems INC Qsync Central

CWE-134Use of Externally-Controlled Format String3 documents3 sources
Severity
2.3LOWNVD
EPSS
0.2%
top 60.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC Qsync CentralQnap Qsync Central
Timeline
PublishedJun 6

Description

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Packages2 packages

NVDqnap/qsync_central4.5.0.34.5.0.6
CVEListV5qnap_systems_inc/qsync_central4.5.x.x4.5.0.6 ( 2025/03/20 )

🔴Vulnerability Details

2
CVEList
Qsync Central2025-06-06
GHSA
GHSA-8768-9r9g-5fj5: A use of externally-controlled format string vulnerability has been reported to affect Qsync Central2025-06-06
CVE-2025-22482 — LOW severity | cvebase