CVE-2025-22483
published 2025-08-29CVE-2025-22483: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator…
high7.1CVSS 4.0
AVNACHATNPRHUIAVCLVIHVAHSCLSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
License Center 1.8.51 and later
License Center 1.9.51 and later
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | license_center | >= 1.8.17 < 1.8.51 | 1.8.51 |
| qnap | license_center | >= 1.9.36 < 1.9.51 | 1.9.51 |
| qnap_systems_inc | license_center | >= 1.8.x < 1.8.51 | 1.8.51 |
| qnap_systems_inc | license_center | >= 1.9.x < 1.9.51 | 1.9.51 |