Search criteria
5 vulnerabilities found for qfiling by qnap
CERTFR-2026-AVI-0003
Vulnerability from certfr_avis - Published: 2026-01-05 - Updated: 2026-01-05
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | QVPN | QVPN Device Client pour Mac versions 2.2.x antérieures à 2.2.8 | ||
| Qnap | QuTS hero | QuTS hero versions h5.2.8.x antérieures à h5.2.8.3321 build 20251117 | ||
| Qnap | Qfinder | Qfinder Pro Mac versions 7.13.x antérieures à 7.13.0 | ||
| Qnap | Qsync | Qsync pour Mac versions 5.1.x antérieures à 5.1.5 | ||
| Qnap | QuMagie | QuMagie versions 2.x antérieures à 2.8.1 | ||
| Qnap | License Center | License Center versions 2.0.x antérieures à 2.0.36 | ||
| Qnap | Qfiling | Qfiling versions 3.13.x antérieures à 3.13.1 | ||
| Qnap | QTS | QTS versions 5.2.8.x antérieures à 5.2.8.3332 build 20251128 | ||
| Qnap | MARS | MARS (Multi-Application Recovery Service) versions 1.2.x antérieures à 1.2.1.1686 | ||
| Qnap | QuTS hero | QuTS hero versions h5.3.x antérieures à h5.3.1.3250 build 20250912 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QVPN Device Client pour Mac versions 2.2.x ant\u00e9rieures \u00e0 2.2.8",
"product": {
"name": "QVPN",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h5.2.8.x ant\u00e9rieures \u00e0 h5.2.8.3321 build 20251117",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qfinder Pro Mac versions 7.13.x ant\u00e9rieures \u00e0 7.13.0",
"product": {
"name": "Qfinder",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qsync pour Mac versions 5.1.x ant\u00e9rieures \u00e0 5.1.5",
"product": {
"name": "Qsync",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuMagie versions 2.x ant\u00e9rieures \u00e0 2.8.1",
"product": {
"name": "QuMagie",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "License Center versions 2.0.x ant\u00e9rieures \u00e0 2.0.36",
"product": {
"name": "License Center",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qfiling versions 3.13.x ant\u00e9rieures \u00e0 3.13.1",
"product": {
"name": "Qfiling",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 5.2.8.x ant\u00e9rieures \u00e0 5.2.8.3332 build 20251128",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "MARS (Multi-Application Recovery Service) versions 1.2.x ant\u00e9rieures \u00e0 1.2.1.1686",
"product": {
"name": "MARS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h5.3.x ant\u00e9rieures \u00e0 h5.3.1.3250 build 20250912",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53590",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53590"
},
{
"name": "CVE-2025-52431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52431"
},
{
"name": "CVE-2025-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52864"
},
{
"name": "CVE-2025-54165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54165"
},
{
"name": "CVE-2025-59381",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59381"
},
{
"name": "CVE-2025-54164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54164"
},
{
"name": "CVE-2025-53414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53414"
},
{
"name": "CVE-2025-53589",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53589"
},
{
"name": "CVE-2025-48721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48721"
},
{
"name": "CVE-2025-53597",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53597"
},
{
"name": "CVE-2025-53405",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53405"
},
{
"name": "CVE-2025-57705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57705"
},
{
"name": "CVE-2025-53596",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53596"
},
{
"name": "CVE-2025-53594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53594"
},
{
"name": "CVE-2025-9110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9110"
},
{
"name": "CVE-2025-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52426"
},
{
"name": "CVE-2025-62852",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62852"
},
{
"name": "CVE-2025-53593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53593"
},
{
"name": "CVE-2025-53592",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53592"
},
{
"name": "CVE-2025-52872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52872"
},
{
"name": "CVE-2025-59380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59380"
},
{
"name": "CVE-2025-52863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52863"
},
{
"name": "CVE-2025-44013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-44013"
},
{
"name": "CVE-2025-52871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52871"
},
{
"name": "CVE-2025-54166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54166"
},
{
"name": "CVE-2025-52430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52430"
},
{
"name": "CVE-2025-59384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59384"
},
{
"name": "CVE-2025-47208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47208"
},
{
"name": "CVE-2025-62857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62857"
},
{
"name": "CVE-2025-53591",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53591"
},
{
"name": "CVE-2025-59387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59387"
}
],
"initial_release_date": "2026-01-05T00:00:00",
"last_revision_date": "2026-01-05T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0003",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-52",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-52"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-51",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-51"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-50",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-50"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-54",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-54"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-55",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-55"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-53",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-53"
},
{
"published_at": "2026-01-03",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-49",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-49"
}
]
}
CVE-2025-59384 (GCVE-0-2025-59384)
Vulnerability from nvd – Published: 2026-01-02 15:19 – Updated: 2026-01-05 20:38
VLAI?
Title
Qfiling
Summary
A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
Qfiling 3.13.1 and later
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QNAP Systems Inc. | Qfiling |
Affected:
3.13.x , < 3.13.1
(custom)
|
Credits
Long Hà
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:33:40.653617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:38:45.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Qfiling",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "3.13.1",
"status": "affected",
"version": "3.13.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Long H\u00e0"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQfiling 3.13.1 and later\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nQfiling 3.13.1 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T15:19:19.626Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-54"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQfiling 3.13.1 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQfiling 3.13.1 and later"
}
],
"source": {
"advisory": "QSA-25-54",
"discovery": "EXTERNAL"
},
"title": "Qfiling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2025-59384",
"datePublished": "2026-01-02T15:19:19.626Z",
"dateReserved": "2025-09-15T08:35:00.660Z",
"dateUpdated": "2026-01-05T20:38:45.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2025-59384
Vulnerability from fkie_nvd - Published: 2026-01-02 16:17 - Updated: 2026-01-22 18:23
Severity ?
Summary
A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
Qfiling 3.13.1 and later
References
| URL | Tags | ||
|---|---|---|---|
| security@qnapsecurity.com.tw | https://www.qnap.com/en/security-advisory/qsa-25-54 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:qfiling:3.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7804DC69-DABD-46A9-A10A-8842DA30AE91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nQfiling 3.13.1 and later"
}
],
"id": "CVE-2025-59384",
"lastModified": "2026-01-22T18:23:46.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
}
]
},
"published": "2026-01-02T16:17:00.160",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-25-54"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Primary"
}
]
}
CVE-2025-59384 (GCVE-0-2025-59384)
Vulnerability from cvelistv5 – Published: 2026-01-02 15:19 – Updated: 2026-01-05 20:38
VLAI?
Title
Qfiling
Summary
A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
Qfiling 3.13.1 and later
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QNAP Systems Inc. | Qfiling |
Affected:
3.13.x , < 3.13.1
(custom)
|
Credits
Long Hà
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:33:40.653617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:38:45.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Qfiling",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "3.13.1",
"status": "affected",
"version": "3.13.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Long H\u00e0"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQfiling 3.13.1 and later\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nQfiling 3.13.1 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T15:19:19.626Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-54"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQfiling 3.13.1 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQfiling 3.13.1 and later"
}
],
"source": {
"advisory": "QSA-25-54",
"discovery": "EXTERNAL"
},
"title": "Qfiling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2025-59384",
"datePublished": "2026-01-02T15:19:19.626Z",
"dateReserved": "2025-09-15T08:35:00.660Z",
"dateUpdated": "2026-01-05T20:38:45.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}