安全ID : QSA-25-55
Vulnerability in Qfinder Pro, Qsync, and QVPN Device Client (for Mac)
发布日期 : January 3, 2026
通用漏洞披露 : CVE-2025-53594
受影响产品: Qfinder Pro (for Mac) 7.13.x, Qsync (for Mac) 5.1.x, QVPN Device Client (for Mac) 2.2.x
严重程度
Moderate
状态
已解决
Summary
A path traversal vulnerability has been reported to affect several utilities. If a local attacker gains access to a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following utilities and versions:
| Affected Product | Fixed Version |
| Qfinder Pro (for Mac) 7.13.x | Qfinder Pro (for Mac) 7.13.0 and later |
| Qsync (for Mac) 5.1.x | Qsync (for Mac) 5.1.5 and later |
| QVPN Device Client (for Mac) 2.2.x | QVPN Device Client (for Mac) 2.2.8 and later |
Recommendation
To secure your device, we recommend regularly updating your QNAP utilities to the latest versions to benefit from vulnerability fixes. You can check the QNAP Utilities page to see the latest updates available to your device operating system.
附件
致谢: Michael Cowell
修订历史:
V1.0 (January 3, 2026) - Published
