安全ID : QSA-25-28
Multiple Vulnerabilities in Qsync Central
发布日期 : August 29, 2025
通用漏洞披露 : CVE-2025-30261 | CVE-2025-30262 | CVE-2025-30263
受影响产品: Qsync Central 5.0.x
严重程度
Moderate
状态
已解决
Summary
Multiple vulnerabilities have been reported to affect Qsync Central:
- CVE-2025-30261: Allocation of resources without limits or throttling vulnerability
If a remote attacker gains access to a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. - CVE-2025-30262, CVE-2025-30263: NULL pointer dereference vulnerabilities
If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| Qsync Central 5.0.x | Qsync Central 5.0.0.0 (2025/06/13) and later |
Recommendation
To fix the vulnerabilities, we recommend updating Qsync Central to the latest version.
Updating Qsync Central
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "Qsync Central" and then press ENTER.
Qsync Central appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Qsync Central is already up to date. - Click OK.
The system updates the application.
附件
致谢: coral
修订历史:
V1.0 (August 29, 2025) - Published
