CVE-2025-59384

Published Jan 2, 2026

Last updated 6 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-59384 is a path traversal vulnerability that affects Qfiling. Remote attackers can exploit this vulnerability to read the contents of unexpected files or system data. The vulnerability exists due to insufficient input validation of pathnames, which allows attackers to bypass intended restrictions. Qfiling version 3.13.1 and later contain the fix for this vulnerability.

Description: A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling 3.13.1 and later
Source: security@qnapsecurity.com.tw
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.1
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

security@qnapsecurity.com.tw: CWE-22

Hype score: Not currently trending

References