An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
History

Wed, 08 Oct 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:qnap:qsync_central:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Mon, 06 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Qnap
Qnap qsync
Qnap qsync Central
Vendors & Products Qnap
Qnap qsync
Qnap qsync Central

Fri, 03 Oct 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Description An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Title Qsync Central
Weaknesses CWE-770
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2025-10-03T18:09:05.407Z

Updated: 2025-10-03T18:40:35.142Z

Reserved: 2025-04-21T07:56:46.493Z

Link: CVE-2025-44007

cve-icon Vulnrichment

Updated: 2025-10-03T18:40:27.293Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-03T18:15:35.383

Modified: 2025-10-08T15:18:41.437

Link: CVE-2025-44007

cve-icon Redhat

No data.