Security ID: QSA-25-42
Multiple Vulnerabilities in QuLog Center
Release date: November 8, 2025
CVE identifier: CVE-2025-54168 | CVE-2025-58469
Affected products: QuLog Center 1.8.x
Severity
Moderate
Status
Resolved
Summary
Multiple vulnerabilities have been reported to affect QuLog Center:
- CVE-2025-54168: Cross-site scripting (XSS) vulnerability
  If a remote attacker gains access to an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.
- CVE-2025-58469: Cross-site request forgery (CSRF) vulnerability
  A remote attacker can exploit the vulnerability to gain privileges or hijack user identities.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| --- | --- |
| QuLog Center 1.8.x | QuLog Center 1.8.2.923 (2025/08/27) and later |
Recommendation
To fix the vulnerabilities, we recommend updating QuLog Center to the latest version.
Updating QuLog Center
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click .
  A search box appears.
- Type "QuLog Center" and then press ENTER.
  QuLog Center appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your QuLog Center is already up to date.
- Click OK.
  The system updates the application.
Acknowledgements:
Mohammad Abdullah - Infosec Researcher & Bugbounty hunter
Tim Coen
Revision history:
V1.0 (November 8, 2025) - Published