CVE-2025-53594

Summary

A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following versions: Qfinder Pro Mac 7.13.0 and later Qsync for Mac 5.1.5 and later QVPN Device Client for Mac 2.2.8 and later

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.Qfinder Pro Mac7.13.x < 7.13.0affected
QNAP Systems Inc.Qsync for Mac5.1.x < 5.1.5affected
QNAP Systems Inc.QVPN Device Client for Mac2.2.x < 2.2.8affected

Weaknesses

  • CWE-22: CWE-22
  • CWE-59: CWE-59
  • CWE-367: CWE-367

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References