CVE-2025-22482
HIGHDescription
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
Is your site exposed to CVE-2025-22482?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| qnap | qsync_central |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-22482? +
How severe is CVE-2025-22482? +
What products are affected by CVE-2025-22482? +
How do I check if I'm vulnerable to CVE-2025-22482? +
Related Vulnerabilities
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan …
An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly …
Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing …
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending …
WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application …
A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort …