Notification Center_CVE-2025-54167

7.2 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U

Description

A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.

We have already fixed the vulnerability in the following versions:
Notification Center 2.1.0.3443 and later
Notification Center 1.9.2.3163 and later
Notification Center 3.0.0.3466 and later

Basic Information

ID CVE-2025-54167

Source qnap

Published Nov 7, 2025 at 15:12

Modified Nov 7, 2025 at 15:57

Affected Product

Vendor QNAP Systems Inc.

Product Notification Center

Version 2.1.x

Affected Versions QNAP Systems Inc. Notification Center 2.1.x
QNAP Systems Inc. Notification Center 1.9.x
QNAP Systems Inc. Notification Center 3.0.x

CWE Classification

CWE-79

References

www.qnap.com /en/security-advisory/qsa-25-40

{
    "lastseen": "",
    "description": "A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following versions:\nNotification Center 2.1.0.3443 and later\nNotification Center 1.9.2.3163 and later\nNotification Center 3.0.0.3466 and later",
    "published": "2025-11-07T15:12:39.176Z",
    "modified": "2025-11-07T15:57:14.662Z",
    "type": "cve",
    "title": "Notification Center",
    "source": "qnap",
    "references": "https://www.qnap.com/en/security-advisory/qsa-25-40",
    "id": "CVE-2025-54167",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "QNAP Systems Inc. Notification Center 2.1.x\nQNAP Systems Inc. Notification Center 1.9.x\nQNAP Systems Inc. Notification Center 3.0.x",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Notification Center",
    "version": "2.1.x",
    "vendor": "QNAP Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}