CVE-2025-22482

Severity CVSS v4.0:

LOW

Type:

CWE-134 Format String Vulnerability

Publication date:

06/06/2025

Last modified:

09/06/2025

Description

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory.<br /> <br /> We have already fixed the vulnerability in the following version:<br /> Qsync Central 4.5.0.6 ( 2025/03/20 ) and later

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L CVSS v4.0 Severity and Metrics:

Base Score: 2.30 LOW
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Attack Vector (AV): Network
Attack Complexity (AC): High
Attack Requirements (AT): None
Privileges Required (PR): Low
User Interaction (UI): None
Confidentiality (VC): Low
Integrity (VI): Low
Availability (VA): Low
Confidentiality (SC): Low
Integrity (SI): Low
Availability (SA): Low

Base Score 4.0

2.30

Severity 4.0

LOW

References to Advisories, Solutions, and Tools

https://www.qnap.com/en/security-advisory/qsa-25-10