Privilege Escalation Vulnerability in QND Products by QualitySoft
CVE-2025-64701

8.5HIGH

Key Information:

Vendor

Qualitysoft Corporation

Status
Qnd Premium/advance/standard
Vendor
CVE Published:
11 December 2025

What is CVE-2025-64701?

The QND Premium, Advance, and Standard products by QualitySoft prior to version 11.0.9i are susceptible to a privilege escalation vulnerability. This issue arises when a logged-in user can exploit the flaw to elevate their access to administrator privileges. Such unauthorized access could lead to the exposure or manipulation of sensitive information and the ability to perform arbitrary actions on the system, increasing the potential for security breaches and data loss.

Affected Version(s)

QND Premium/Advance/Standard Ver.11.0.9i and prior

References

https://www.qualitysoft.com/product/qnd_vulnerabilities_2...
https://jvn.jp/jp/JVN40102375/

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-64701 : Privilege Escalation Vulnerability in QND Products by QualitySoft