Security ID : QSA-25-10
Multiple Vulnerabilities in Qsync Central
Release date : June 7, 2025
CVE identifier : CVE-2025-22482 | CVE-2025-29892
Affected products: Qsync Central 4.5.x
Severity : Important
Status : Resolved
Summary
Multiple vulnerabilities have been reported to affect Qsync Central:
- CVE-2025-22482: Use of externally-controlled format string vulnerability
  If a remote attacker gains access to a user account, they can then exploit the vulnerability to obtain secret data or modify memory.
- CVE-2025-29892: SQL injection vulnerability
  If a remote attacker gains access to a user account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| --- | --- |
| Qsync Central 4.5.x | Qsync Central 4.5.0.6 (2025/03/20) and later |
Recommendation
To fix the vulnerabilities, we recommend updating Qsync Central to the latest version.
Updating Qsync Central
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click the search icon.
  A search box appears.
- Type "Qsync Central" and then press ENTER.
  Qsync Central appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your Qsync Central is already up to date.
- Click OK.
  The system updates the application.
Acknowledgements:
Searat and izut (CVE-2025-22482)
coral (CVE-2025-29892)
Revision History:
V1.0 (June 07, 2025) - Published