Skip to main content

Qsync Central CVE-2025-58471

MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-02-11 security@qnapsecurity.com.tw
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 11, 2026 - 13:15 nvd
MEDIUM 4.9

DescriptionCVE.org

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.

We have already fixed the vulnerability in the following version: Qsync Central 5.2.0.1 ( 2025/12/21 ) and later

AnalysisAI

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. [CVSS 4.9 MEDIUM]

Technical ContextAI

Classified as CWE-770 (Allocation of Resources Without Limits or Throttling). Affects Qsync Central. An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.

We have already fixed the vulnerability in the following version: Qsync Central 5.2.0.1 ( 2025/12/21 ) and later

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-44014 HIGH
8.8 Oct 03

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun

CVE-2025-30276 HIGH
8.8 Feb 11

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun

CVE-2025-54153 HIGH
8.8 Oct 03

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the

CVE-2025-53595 HIGH
8.8 Oct 03

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the

CVE-2025-29892 HIGH
8.8 Jun 06

SQL injection vulnerability in Qsync Central that allows authenticated remote attackers to execute arbitrary code or com

CVE-2025-52869 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-52868 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-48724 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-48723 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-22482 HIGH
8.1 Jun 06

Format string vulnerability in QNAP Qsync Central that allows authenticated remote attackers to read sensitive data or m

CVE-2025-30269 HIGH
8.1 Feb 11

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attack

CVE-2025-57709 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

Share

CVE-2025-58471 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy