Path Traversal Flaw in Qsync Central by QNAP
CVE-2025-57712

4MEDIUM

Key Information:

Vendor: QNAP
Status: Qsync Central
Vendor: CVE Published:; 7 November 2025

What is CVE-2025-57712?

A path traversal vulnerability in Qsync Central allows authenticated remote attackers to read sensitive files or system data. If an attacker gains access to a user account, they can exploit this flaw to navigate unexpected directories and access unauthorized information. This issue has been addressed in version 5.0.0.3 and later.

Affected Version(s)

Qsync Central 5.0.x.x < 5.0.0.3 ( 2025/08/28 )

References

https://www.qnap.com/en/security-advisory/qsa-25-41

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2025
Vulnerability Reserved
Aug 18, 2025

Credit

coral

JSON