Security ID : QSA-25-35
Multiple Vulnerabilities in Qsync Central
Release date : October 4, 2025
CVE identifier : CVE-2025-44012 | CVE-2025-47210 | CVE-2025-52867 | CVE-2025-53595 | CVE-2025-54153
Affected products: Qsync Central 5.0.0
Severity
Important
Status
Resolved
Summary
Multiple vulnerabilities have been reported to affect Qsync Central:
- CVE-2025-44012: Allocation of resources without limits or throttling vulnerability
If a remote attacker gains access to a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. - CVE-2025-47210: NULL pointer dereference vulnerability
If a remote attacker gains access to a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. - CVE-2025-52867: Uncontrolled resource consumption vulnerability
If a remote attacker gains access to a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. - CVE-2025-53595, CVE-2025-54153: SQL injection vulnerabilities
If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to execute unauthorized code or commands.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| Qsync Central 5.0.0 | Qsync Central 5.0.0.2 (2025/07/31) and later |
Recommendation
To fix the vulnerabilities, we recommend updating Qsync Central to the latest version.
Updating Qsync Central
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "Qsync Central" and then press ENTER.
Qsync Central appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Qsync Central is already up to date. - Click OK.
The system updates the application.
Attachment
Acknowledgements: coral
Revision History:
V1.0 (October 4, 2025) - Published
