CVE-2025-22482
Published: 06 June 2025
Summary
CVE-2025-22482 is a low-severity Use of Externally-Controlled Format String (CWE-134) vulnerability in Qnap Qsync Central. Its CVSS base score is 2.3 (Low).
Operationally, ranked at the 39.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-17341
Vulnerability details
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability…
more
in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.