NULL Pointer Dereference Vulnerability in Qsync Central by QNAP
CVE-2025-47209

1.3LOW

Key Information:

Vendor: QNAP
Status: Qsync Central
Vendor: CVE Published:; 11 February 2026

What is CVE-2025-47209?

A NULL pointer dereference vulnerability has been identified in Qsync Central, where a remote attacker can exploit it after gaining user account access. This exploitation can lead to a denial-of-service (DoS) attack, disrupting service availability. A patch has been implemented in Qsync Central version 5.0.0.4, released on January 20, 2026, addressing this issue.

Affected Version(s)

Qsync Central 5.0.x.x < 5.0.0.4 ( 2026/01/20 )

References

https://www.qnap.com/en/security-advisory/qsa-26-02

CVSS V4

Score:

1.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2026
Vulnerability Reserved
May 2, 2025

Credit

coral

CVE-2025-47209 Data

JSON