Skip to main content

Qsync Central CVE-2025-30275

MEDIUM
NULL Pointer Dereference (CWE-476)
2025-08-29 security@qnapsecurity.com.tw
5.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:09 vuln.today
CVE Published
Aug 29, 2025 - 18:15 nvd
MEDIUM 5.3

DescriptionCVE.org

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

AnalysisAI

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later Affected products include: Qnap Qsync Central.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2025-44014 HIGH
8.8 Oct 03

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun

CVE-2025-30276 HIGH
8.8 Feb 11

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun

CVE-2025-54153 HIGH
8.8 Oct 03

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the

CVE-2025-53595 HIGH
8.8 Oct 03

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the

CVE-2025-29892 HIGH
8.8 Jun 06

SQL injection vulnerability in Qsync Central that allows authenticated remote attackers to execute arbitrary code or com

CVE-2025-52869 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-52868 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-48724 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-48723 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-22482 HIGH
8.1 Jun 06

Format string vulnerability in QNAP Qsync Central that allows authenticated remote attackers to read sensitive data or m

CVE-2025-30269 HIGH
8.1 Feb 11

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attack

CVE-2025-57709 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

Share

CVE-2025-30275 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy