CVE-2025-22482
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-09-20
Assigner: QNAP Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | qsync_central | From 4.5.0.3 (inc) to 4.5.0.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-134 | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with user access to obtain secret data or modify memory, potentially leading to unauthorized information disclosure or system instability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Qsync Central to version 4.5.0.6 or later. The update can be applied by logging into QTS or QuTS hero as an administrator, accessing the App Center, searching for "Qsync Central," and applying the available update. [1]
Can you explain this vulnerability to me?
This vulnerability is a use of externally-controlled format string in Qsync Central. It allows remote attackers who have gained user access to potentially obtain secret data or modify memory by exploiting the way the software handles format strings.