CVE-2025-58467

6.5 MEDIUM

📋 TL;DR

A relative path traversal vulnerability in Qsync Central allows authenticated attackers to read arbitrary files on the system. This affects all Qsync Central installations before version 5.0.0.4. Attackers need valid user credentials to exploit this vulnerability.

💻 Affected Systems

Products:
  • Qsync Central
Versions: All versions before 5.0.0.4
Operating Systems: QNAP QTS operating system
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default configuration of affected Qsync Central versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading sensitive configuration files, credentials, or system data leading to privilege escalation or lateral movement.

🟠 Likely Case

Unauthorized access to sensitive files containing configuration data, user information, or application secrets.

🟢 If Mitigated

Limited file access within the application's directory if proper access controls and file permissions are configured.

🌐 Internet-Facing: HIGH if Qsync Central is exposed to the internet, as attackers with valid credentials can exploit remotely.
🏢 Internal Only: MEDIUM as attackers still need valid credentials, but internal threats could exploit this for lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid user credentials. Path traversal vulnerabilities are typically straightforward to exploit once an attacker has authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Qsync Central 5.0.0.4 (2026/01/20) and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-26-02

Restart Required: Yes

Instructions:

1. Log into QNAP App Center.
2. Check for updates to Qsync Central.
3. Install version 5.0.0.4 or later.
4. Restart the Qsync Central service or the entire QNAP device.

🔧 Temporary Workarounds

Restrict User Access

all

Limit user accounts to only those necessary and implement strong authentication controls.

Network Segmentation

all

Isolate Qsync Central from sensitive network segments and limit external access.

🧯 If You Can't Patch

  • Implement strict file system permissions to limit what files the Qsync Central service account can access.
  • Deploy network-based intrusion detection systems to monitor for path traversal patterns in HTTP requests.

🔍 How to Verify

Check if Vulnerable:

Check Qsync Central version in QNAP App Center. If version is earlier than 5.0.0.4, the system is vulnerable.

Check Version:

Check via QNAP web interface: App Center > Installed Apps > Qsync Central

Verify Fix Applied:

Confirm Qsync Central version is 5.0.0.4 or later in QNAP App Center after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in Qsync Central logs
  • HTTP requests containing '../' or directory traversal sequences

Network Indicators:

  • HTTP requests with path traversal payloads to Qsync Central endpoints

SIEM Query:

source="Qsync Central" AND ("../" OR "..\\" OR "%2e%2e%2f")
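
The query above matches literal substrings, so mixed-encoded ("..%2f") and double-encoded forms pass it unnoticed. The Python below is an added example, not vendor code or part of the original advisory: it percent-decodes the request target before looking for a ".." path segment. The log format, user names and request paths are constructed for illustration and are not Qsync Central's.

```python
import re
from urllib.parse import unquote

# A ".." path segment: preceded by a separator (or start of string)
# and followed by a slash, backslash, or end of string.
DOTDOT_SEGMENT = re.compile(r"(?:^|[\\/=?&])\.\.(?:[\\/]|$)")
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double encoding


def normalize(target: str) -> str:
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def has_traversal(target: str) -> bool:
    """True if the decoded request target contains a '..' path segment."""
    return bool(DOTDOT_SEGMENT.search(normalize(target)))


def flag_requests(log_lines):
    """Yield (user, target) for each log line whose target is flagged."""
    for line in log_lines:
        # Constructed format: "<timestamp> <user> <method> <target> <status>"
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines instead of raising
        user, target = parts[1], parts[3]
        if has_traversal(target):
            yield user, target


# Constructed sample lines; not real Qsync Central logs or endpoints.
SAMPLE_LOG = [
    "2026-01-21T10:00:01Z alice GET /files/list?dir=/docs/reports 200",
    "2026-01-21T10:00:05Z bob GET /files/get?path=../../outside.txt 200",
    "2026-01-21T10:00:09Z carol GET /files/get?path=%2E%2E%2Foutside.txt 200",
    "2026-01-21T10:00:12Z dave GET /files/get?path=..%2f..%2foutside.txt 200",
    "2026-01-21T10:00:15Z erin GET /files/get?path=%252e%252e%252foutside.txt 200",
    "2026-01-21T10:00:18Z frank GET /files/get?path=..%5c..%5coutside.txt 200",
    "2026-01-21T10:00:21Z grace GET /files/get?path=notes..final.txt 200",
]

if __name__ == "__main__":
    for user, target in flag_requests(SAMPLE_LOG):
        print(f"traversal sequence in request from {user}: {target}")
```

Because the vulnerability requires authentication, the user field on each flagged line identifies the account to review.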
