.jpg)
![[The AI Show Episode 151]: Anthropic CEO: AI Will Destroy 50% of Entry-Level Jobs, Veo 3’s Scary Lifelike Videos, Meta Aims to Fully Automate Ads & Perplexity’s Burning Cash](https://www.marketingaiinstitute.com/hubfs/ep%20151%20cover.png)
![From electrical engineering student to CTO with Hitesh Choudhary [Podcast #175]](https://cdn.hashnode.com/res/hashnode/image/upload/v1749158756824/3996a2ad-53e5-4a8f-ab97-2c77a6f66ba3.png?#)
_Michael_Vi_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Google Messages rolls out taller, 14-line text field [U]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2024/06/Google-Messages-2.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple Planning Futuristic 'Glasswing' iPhone With Curved Glass and No Cutouts [Gurman]](https://www.iclarified.com/images/news/97534/97534/97534-640.jpg)
Multiple QNAP Vulnerabilities Let Remote Attacker Gains Access to a User Account
Two significant QNAP security vulnerabilities affecting Qsync Central 4.5.x that could allow remote attackers to exploit user accounts and gain unauthorized access to sensitive data. The vulnerabilities, identified as CVE-2025-22482 and CVE-2025-29892, were publicly disclosed on June 7, 2025, with fixes already available in updated software versions released earlier this year. CVE-2025-22482: Format String Exploitation […] The post Multiple QNAP Vulnerabilities Let Remote Attacker Gains Access to a User Account appeared first on Cyber Security News.
Two significant QNAP security vulnerabilities affecting Qsync Central 4.5.x that could allow remote attackers to exploit user accounts and gain unauthorized access to sensitive data.
The vulnerabilities, identified as CVE-2025-22482 and CVE-2025-29892, were publicly disclosed on June 7, 2025, with fixes already available in updated software versions released earlier this year.
CVE-2025-22482: Format String Exploitation Vulnerability
The CVE-2025-22482 vulnerability stems from improper handling of user-supplied format specifiers in C/C++ print-style functions.
The affected code likely contains unprotected calls to functions like sprintf, fprintf, or syslog without proper input validation. Consider this reconstructed vulnerable code snippet:
In this implementation, the action parameter (controlled by an authenticated attacker) contains unescaped format specifiers like %x or %n, enabling memory content disclosure or arbitrary memory writes.
An attacker with valid credentials could:
- Use %p specifiers to leak stack pointers and calculate memory offsets.
- Employ %s with crafted addresses to read arbitrary memory locations.
- Utilize %n to overwrite function pointers or security cookies.
The vulnerability becomes particularly dangerous when combined with other memory corruption flaws, as it potentially enables full Address Space Layout Randomization (ASLR) bypass.
CVE-2025-29892: SQL Injection Vulnerability
The CVE-2025-29892 vulnerability exists in Qsync Central’s database abstraction layer.
Examination of the advisory suggests the presence of dynamic SQL construction without proper parameterization. A reconstructed vulnerable code path might appear as:
This implementation allows authenticated attackers to inject SQL commands through the username parameter, bypassing standard authentication checks.
The payload would enumerate database tables, potentially exposing sensitive schema information. More dangerous injections could leverage which would escalate privileges through direct database modification.
The vulnerabilities were responsibly disclosed by security researchers Searat, izut, and coral, highlighting the importance of coordinated vulnerability disclosure in maintaining cybersecurity across enterprise infrastructure platforms.
CVEs Affected Products Impact Exploit Prerequisites CVSS 3.1 Score CVE-2025-22482 Qsync Central 4.5.x Obtain secret data or modify memory Attacker must gain access to a user account 7.8 (High) CVE-2025-29892 Qsync Central 4.5.x Execute unauthorized code or commands Attacker must gain access to a user account 8.1 (High)
Mitigations
QNAP has already addressed both vulnerabilities in Qsync Central version 4.5.0.6, released on March 20, 2025.
Organizations must immediately update their installations through the QTS or QuTS hero App Center by searching for “Qsync Central” and selecting the Update option.
System administrators should verify that their current version is 4.5.0.6 or later to ensure protection against these vulnerabilities.
Beyond patching, organizations should implement comprehensive security measures, including regular credential audits, multi-factor authentication enforcement, and network segmentation to limit potential attack surfaces.
Security teams should also monitor for unusual access patterns or database queries that might indicate exploitation attempts targeting these vulnerabilities.
Try Next-gen Antivirus that Elevates Endpoint Protection – Try for Free
The post Multiple QNAP Vulnerabilities Let Remote Attacker Gains Access to a User Account appeared first on Cyber Security News.
