- Description
- An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
- Source
- security@qnapsecurity.com.tw
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security@qnapsecurity.com.tw
- CWE-89
- Hype score
- Not currently trending
“QNAP Qsync Central” və “File Station 5"də boşluqlar (CVE-2025-29892, CVE-2025-22482, CVE-2025-22486, CVE-2025-29883, CVE-2025-29884, CVE-2025-29885) aşkar olunub #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/CjR37itri9
@CERTAzerbaijan
12 Jun 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en los productos de QNAP ❗CVE-2025-22481 ❗CVE-2025-29892 ❗CVE-2025-33031 ❗CVE-2025-30279 ➡️Más info: https://t.co/VNxsodrL8Z https://t.co/3nuXt2R8oc
@CERTpy
9 Jun 2025
362 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-29892 SQL Injection Vulnerability in Qsync Central Enables Unauthorized Remote Code Execution https://t.co/FFJY9TyVhM
@VulmonFeeds
7 Jun 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-29892: HIGH] SQL injection vulnerability in Qsync Central fixed in version 4.5.0.6 (2025/03/20) & later. Ensure to update to safeguard against remote code execution by attackers.#cve,CVE-2025-29892,#cybersecurity https://t.co/wAQFTII4Ej https://t.co/LyqUWhsSzk
@CveFindCom
6 Jun 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes