NULL Pointer Dereference in Qsync Central by QNAP
CVE-2025-53598

0.6LOW

Key Information:

Vendor: QNAP
Status: Qsync Central
Vendor: CVE Published:; 11 February 2026

What is CVE-2025-53598?

A NULL pointer dereference vulnerability has been identified in Qsync Central, which can be exploited by remote attackers. If an attacker gains access to a user account, they may leverage this vulnerability to execute a denial-of-service (DoS) attack, causing significant disruption to users. This issue has been addressed in Qsync Central version 5.0.0.4 and later, ensuring enhanced security for users.

Affected Version(s)

Qsync Central 5.0.x.x < 5.0.0.4 ( 2026/01/20 )

References

https://www.qnap.com/en/security-advisory/qsa-26-02

CVSS V4

Score:

0.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2026
Vulnerability Reserved
Jul 4, 2025

Credit

coral

CVE-2025-53598 Data

JSON