Relative Path Traversal Vulnerability in QuMagie by QNAP
CVE-2025-58464

7.8HIGH

Key Information:

Vendor

QNAP
Status
Qumagie
Vendor
CVE Published:
7 November 2025

What is CVE-2025-58464?

A relative path traversal vulnerability has been identified in QuMagie that allows remote attackers to access sensitive files and system data. By exploiting this vulnerability, an attacker could read unexpected files, potentially exposing confidential information. To address this issue, users are advised to update to QuMagie version 2.7.3 or later, which contains the necessary security fixes.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QuMagie 2.7.x < 2.7.3

References

https://www.qnap.com/en/security-advisory/qsa-25-43

CVSS V4

Score:
7.8
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tim Coen
JSON
.