CVE-2025-58464

7.5 HIGH

📋 TL;DR

A relative path traversal vulnerability in QuMagie allows remote attackers to read arbitrary files on the system. This affects all QuMagie installations before version 2.7.3. Attackers can potentially access sensitive system data and configuration files.

💻 Affected Systems

Products:
  • QNAP QuMagie
Versions: All versions before 2.7.3
Operating Systems: QTS, QuTS hero
Default Config Vulnerable: ⚠️ Yes
Notes: Affects QuMagie photo management application on QNAP NAS devices. Requires QuMagie to be installed and accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through reading sensitive files like configuration files, passwords, SSH keys, or system files that could lead to further exploitation.

🟠

Likely Case

Unauthorized reading of application configuration files, user data, or system information that could be used for reconnaissance or credential theft.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to QuMagie services.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this without authentication to read files on internet-facing QuMagie instances.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to read sensitive files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Path traversal vulnerabilities typically have low exploitation complexity. The advisory indicates remote attackers can exploit this.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QuMagie 2.7.3 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-43

Restart Required: Yes

Instructions:

1. Log into the QNAP NAS admin interface.
2. Go to App Center.
3. Check for updates for QuMagie.
4. Update to version 2.7.3 or later.
5. Restart the QuMagie service or the NAS if required.

🔧 Temporary Workarounds

Disable QuMagie service

Temporarily disable QuMagie until patching is possible:

ssh admin@nas-ip 'sudo /etc/init.d/Qthumbs stop'
ssh admin@nas-ip 'sudo /etc/init.d/Qthumbs disable'

Restrict network access

Block external access to QuMagie ports using firewall rules:

iptables -A INPUT -p tcp --dport 8080 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate QuMagie from untrusted networks
  • Apply principle of least privilege to QuMagie service account and file system permissions

🔍 How to Verify

Check if Vulnerable:

Check QuMagie version in QNAP App Center or via SSH: ssh admin@nas-ip 'cat /share/CACHEDEV1_DATA/.qpkg/QuMagie/version'

Check Version:

ssh admin@nas-ip 'cat /share/CACHEDEV1_DATA/.qpkg/QuMagie/version'

Verify Fix Applied:

Verify that the QuMagie version is 2.7.3 or higher in App Center, or via the version check command above.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in QuMagie logs
  • Multiple failed or successful attempts to access files outside normal paths

Network Indicators:

  • HTTP requests with '../' sequences in URLs to QuMagie endpoints
  • Unusual file download patterns from QuMagie service

SIEM Query:

source="qu_magie_logs" AND (url="*../*" OR url="*..\\*" OR url="*%2e%2e%2f*")
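The SIEM query above matches literal '../', '..\' and '%2e%2e%2f' substrings, which misses mixed-case, double-encoded or backslash-only variants. The following Python script is an added example, not part of this advisory or of QNAP's tooling: it applies the same three indicators to constructed sample access-log lines (a hypothetical "client method path status" format) after repeated percent-decoding and separator normalization, and reports which clients sent traversal-shaped requests. The endpoint paths and parameter names in the samples are assumptions.

```python
"""Flag HTTP request lines whose path or query carries a directory-traversal sequence.

Added example, not code from the advisory. The log format and the QuMagie
endpoint paths used in SAMPLE_LOG are constructed for illustration.
"""
from urllib.parse import unquote

# Constructed sample access-log lines: client, method, request path, status.
# Line 5 uses backslash separators, line 4 is double-encoded.
SAMPLE_LOG = """\
10.0.0.5 GET /photo/api/thumb?file=IMG_0001.jpg 200
203.0.113.9 GET /photo/api/thumb?file=../../../../etc/passwd 200
203.0.113.9 GET /photo/api/thumb?file=%2e%2e%2f%2e%2e%2fetc%2fshadow 403
203.0.113.9 GET /photo/api/thumb?file=%252e%252e%252fetc%252fpasswd 200
198.51.100.7 GET /photo/api/thumb?file=..\\..\\windows\\win.ini 404
10.0.0.8 GET /photo/api/list?dir=albums/2024/ 200
"""


def normalize_path(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (defeats double encoding) and unify separators."""
    decoded = raw
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def has_traversal(raw_path: str) -> bool:
    """True when any segment of the normalized path, or of any query value, is '..'."""
    path = normalize_path(raw_path)
    # Inspect query parameter values too: traversal usually rides in a file/dir parameter.
    candidates = [path]
    if "?" in path:
        _, query = path.split("?", 1)
        for pair in query.split("&"):
            candidates.append(pair.split("=", 1)[-1])
    return any(seg == ".." for cand in candidates for seg in cand.split("/"))


def flag_traversal(log_text: str) -> list:
    """Return (client_ip, raw_request_path) for each line carrying a traversal indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than raising
        client, _method, path, _status = parts[:4]
        if has_traversal(path):
            hits.append((client, path))
    return hits


if __name__ == "__main__":
    for client, path in flag_traversal(SAMPLE_LOG):
        print(f"traversal indicator from {client}: {path}")
```

A 403 or 404 status on a flagged line still counts: a blocked attempt is an indicator of probing even when nothing was read, so the detector keys on the request, not the response.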
