Qsync Central
CVE-2025-68406
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
AnalysisAI
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]
Technical ContextAI
Classified as CWE-22 (Path Traversal). Affects Qsync Central. A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
RemediationAI
Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.
More in Qsync Central
View allAn out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the
SQL injection vulnerability in Qsync Central that allows authenticated remote attackers to execute arbitrary code or com
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
Format string vulnerability in QNAP Qsync Central that allows authenticated remote attackers to read sensitive data or m
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attack
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today