CVE-2025-47210NVD

Vulnerability Summary

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

Severity Level

MEDIUM(5.3)

Published Date

Oct 3, 2025

Last Modified

Oct 3, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-476: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

External References

https://www.qnap.com/en/security-advisory/qsa-25-35

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-47210NVD

Vulnerability Summary

External References