Externally-Controlled Format String Vulnerability in Qsync Central by QNAP
CVE-2025-22482

2.3LOW

Key Information:

Vendor: QNAP
Status: Qsync Central
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-22482?

A vulnerability in Qsync Central allows remote attackers, possessing user access, to exploit an externally-controlled format string, potentially leading to unauthorized access to confidential information or the ability to modify memory. This issue has been mitigated in versions 4.5.0.6 and later.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Qsync Central 4.5.x.x < 4.5.0.6 ( 2025/03/20 )

References

https://www.qnap.com/en/security-advisory/qsa-25-10

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Searat and izut

JSON

QNAP