CVE-2025-22482

HIGH

Qnap Qsync Central < 4.5.0.6 - Format String Vulnerability

Title source: rule

Description

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-25-10

Scores

CVSS v3 8.1

EPSS 0.0018

EPSS Percentile 39.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-134

Status published

Products (1)

qnap/qsync_central 4.5.0.3 - 4.5.0.6

Published Jun 06, 2025

Tracked Since Feb 18, 2026