Qsync Central
CVE-2025-54148
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
AnalysisAI
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]
Technical ContextAI
Classified as CWE-476 (NULL Pointer Dereference). Affects Qsync Central. A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Qsync Central
View allAn out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the
SQL injection vulnerability in Qsync Central that allows authenticated remote attackers to execute arbitrary code or com
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
Format string vulnerability in QNAP Qsync Central that allows authenticated remote attackers to read sensitive data or m
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attack
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today