An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
History

Tue, 07 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:qnap:qsync_central:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Mon, 06 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Qnap
Qnap qsync
Qnap qsync Central
Vendors & Products Qnap
Qnap qsync
Qnap qsync Central

Fri, 03 Oct 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Description An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Title Qsync Central
Weaknesses CWE-770
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2025-10-03T18:08:40.111Z

Updated: 2025-10-03T18:38:24.565Z

Reserved: 2025-04-15T15:14:26.907Z

Link: CVE-2025-33039

cve-icon Vulnrichment

Updated: 2025-10-03T18:38:16.140Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-03T18:15:34.920

Modified: 2025-10-07T15:01:53.063

Link: CVE-2025-33039

cve-icon Redhat

No data.