Skip to main content

QNAP Notification Center EUVDEUVD-2025-210096

| CVE-2025-58468 MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-06-10 qnap GHSA-g758-jg83-j6jj
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

4
Analysis Generated
Jun 10, 2026 - 04:51 vuln.today
Patch available
Jun 10, 2026 - 04:16 EUVD
CVSS changed
Jun 10, 2026 - 03:22 NVD
5.1 (MEDIUM)
CVE Published
Jun 10, 2026 - 01:38 nvd
UNKNOWN (no severity yet)

DescriptionNVD

A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities.

We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291 and later

AnalysisAI

Cross-site request forgery in QNAP Notification Center allows remote unauthenticated attackers to forge state-changing requests on behalf of authenticated NAS users, potentially resulting in privilege escalation or session hijacking within the Notification Center context. Affected versions are all Notification Center 1.10.0 builds prior to 1.10.0.3291, confirmed by QNAP advisory QSA-26-13 and EUVD-2025-210096. Exploitation requires active victim interaction (CVSS 4.0 UI:A), integrity impact is rated low (VI:L), and no public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

CSRF (CWE-352) arises when a web application fails to verify that state-changing HTTP requests originate from the application's own interface rather than a third-party site. QNAP's Notification Center - a NAS-resident component managing alerts and system notifications - does not adequately validate request origin, allowing a malicious page to silently submit forged requests using an authenticated user's browser session and cookies. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:A) confirms the attack surface is network-accessible, requires no special attack prerequisites or attacker privileges, but mandates active interaction from the victim. Affected product is identified by CPE cpe:2.3:a:qnap_systems_inc.:notification_center:*:*:*:*:*:*:*:*, scoped to the 1.10.0 branch below build 3291.

RemediationAI

Upgrade QNAP Notification Center to version 1.10.0.3291 or later, as released and confirmed by QNAP via advisory QSA-26-13 at https://www.qnap.com/en/security-advisory/qsa-26-13. Updates can be applied through the QNAP App Center on the NAS management interface. Until patching is complete, restrict access to the NAS management interface to trusted internal networks or VPN only - blocking external access to the management ports eliminates the network delivery path for the forged request. Additionally, administrators should avoid clicking unsolicited links or browsing untrusted sites while authenticated to the QNAP interface, as this removes the active user interaction prerequisite (UI:A). Note that restricting management port access may affect remote administration workflows.

Share

EUVD-2025-210096 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy