CVE-2025-22482

Published Jun 6, 2025

Last updated a month ago

Overview

Description: A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
Source: security@qnapsecurity.com.tw
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 2.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: LOW

Weaknesses

security@qnapsecurity.com.tw: CWE-134

Hype score: Not currently trending

“QNAP Qsync Central” və “File Station 5"də boşluqlar (CVE-2025-29892, CVE-2025-22482, CVE-2025-22486, CVE-2025-29883, CVE-2025-29884, CVE-2025-29885) aşkar olunub #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/CjR37itri9
@CERTAzerbaijan
12 Jun 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.