Multiple Vulnerabilities in Qsync Central

Summary

Multiple vulnerabilities have been reported to affect Qsync Central:

• CVE-2025-30269: Use of externally-controlled format string vulnerability
  If a remote attacker gains access to a user account, they can then exploit the vulnerability to obtain secret data or modify memory.
• CVE-2025-54170: Out-of-bounds read vulnerability
  If a remote attacker gains access to a user account, they can then exploit the vulnerability to obtain secret data.
• CVE-2025-30276: Out-of-bounds write vulnerability
  If a remote attacker gains access to a user account, they can then exploit the vulnerability to modify or corrupt memory.
• CVE-2025-47209, CVE-2025-48722, CVE-2025-53598, CVE-2025-54146, CVE-2025-54147, CVE-2025-54148, CVE-2025-58472, CVE-2025-30266: NULL pointer dereference vulnerabilities
  If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to launch a denial-of-service (DoS) attack.
• CVE-2025-48723, CVE-2025-48724, CVE-2025-52868, CVE-2025-52869, CVE-2025-52870, CVE-2025-57709: Buffer overflow vulnerabilities
  If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to modify memory or crash processes.
• CVE-2025-54149, CVE-2025-54150, CVE-2025-54151: Uncontrolled resource consumption vulnerabilities
  If a local attacker gains access to a user account, they can then exploit the vulnerabilities to launch a denial-of-service (DoS) attack.
• CVE-2025-54152: Out-of-range pointer offset vulnerability
  If a remote attacker gains access to a user account, they can then exploit the vulnerability to read sensitive portions of memory.
• CVE-2025-57708, CVE-2025-57710, CVE-2025-57711, CVE-2025-58471: Allocation of resources without limits or throttling vulnerabilities
  If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to prevent other systems, applications, or processes from accessing the same type of resource.
• CVE-2025-58467, CVE-2025-58470, CVE-2025-68406: Relative path traversal vulnerabilities
  If a remote attacker gains access to a user account, they can then exploit the vulnerabilities to read the contents of unexpected files or system data.

We have already fixed the vulnerabilities in the following version:

Recommendation

To fix the vulnerabilities, we recommend updating Qsync Central to the latest version.

Updating Qsync Central

1. Log on to QTS or QuTS hero as an administrator.
2. Open App Center and then click .
   A search box appears.
3. Type "Qsync Central" and then press ENTER.
   Qsync Central appears in the search results.
4. Click Update.
   A confirmation message appears.
   Note: The Update button is not available if your Qsync Central is already up to date.
5. Click OK.
   The system updates the application.