CVE-2025-33040: CWE-770 in QNAP Systems Inc. Qsync Central
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
CVE-2025-33040: CWE-770 in QNAP Systems Inc. Qsync Central
Description
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- qnap
- Date Reserved
- 2025-04-15T15:14:26.907Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68e065e211971642e8580b80
Added to database: 10/4/2025, 12:10:10 AM
Last updated: 10/4/2025, 12:10:10 AM
Views: 1
Related Threats
CVE-2025-44007: CWE-770 in QNAP Systems Inc. Qsync Central
HighCVE-2025-44006: CWE-770 in QNAP Systems Inc. Qsync Central
HighCVE-2025-33039: CWE-770 in QNAP Systems Inc. Qsync Central
HighCVE-2025-33034: CWE-22 in QNAP Systems Inc. Qsync Central
MediumCVE-2025-61685: CWE-548: Exposure of Information Through Directory Listing in mastra-ai mastra
MediumActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.