Skip to main content

Notification Center

1 CVEs product

Monthly

CVE-2025-58468 MEDIUM PATCH This Month

Cross-site request forgery in QNAP Notification Center allows remote unauthenticated attackers to forge state-changing requests on behalf of authenticated NAS users, potentially resulting in privilege escalation or session hijacking within the Notification Center context. Affected versions are all Notification Center 1.10.0 builds prior to 1.10.0.3291, confirmed by QNAP advisory QSA-26-13 and EUVD-2025-210096. Exploitation requires active victim interaction (CVSS 4.0 UI:A), integrity impact is rated low (VI:L), and no public exploit code or active exploitation has been identified at time of analysis.

CSRF Notification Center
NVD
CVSS 4.0
5.1
EPSS
0.0%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Cross-site request forgery in QNAP Notification Center allows remote unauthenticated attackers to forge state-changing requests on behalf of authenticated NAS users, potentially resulting in privilege escalation or session hijacking within the Notification Center context. Affected versions are all Notification Center 1.10.0 builds prior to 1.10.0.3291, confirmed by QNAP advisory QSA-26-13 and EUVD-2025-210096. Exploitation requires active victim interaction (CVSS 4.0 UI:A), integrity impact is rated low (VI:L), and no public exploit code or active exploitation has been identified at time of analysis.

CSRF Notification Center
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy