CVE-2025-53595NVD

Vulnerability Summary

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.

We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

Severity Level

HIGH(8.6)

Published Date

Oct 3, 2025

Last Modified

Oct 3, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-89: SQL Injection ↗

Improper neutralization of special elements used in an SQL command, allowing attackers to modify queries.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

External References

https://www.qnap.com/en/security-advisory/qsa-25-35

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-53595NVD

Vulnerability Summary

External References