Improper Certificate Validation in Qsync Central by QNAP
CVE-2025-30278

8.3HIGH

Key Information:

Vendor: QNAP
Status: Qsync Central
Vendor: CVE Published:; 29 August 2025

What is CVE-2025-30278?

A vulnerability has been identified in Qsync Central by QNAP, stemming from improper certificate validation. This issue poses a significant risk as it could allow a remote attacker, who has gained a user account, to exploit the system's security mechanisms. It is crucial to update to Qsync Central version 4.5.0.7 or later to mitigate this risk effectively.

Affected Version(s)

Qsync Central 4.5.x.x < 4.5.0.7 ( 2025/04/23 )

References

https://www.qnap.com/en/security-advisory/qsa-25-22

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2025
Vulnerability Reserved
Mar 20, 2025

Credit

coral