Qfinder Pro, Qsync, QVPN_CVE-2025-53594

4.4 / 10

MEDIUM

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Description

A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following versions:
Qfinder Pro Mac 7.13.0 and later
Qsync for Mac 5.1.5 and later
QVPN Device Client for Mac 2.2.8 and later

Basic Information

ID CVE-2025-53594

Source qnap

Published Jan 2, 2026 at 15:18

Affected Product

Vendor QNAP Systems Inc.

Product Qfinder Pro Mac

Version 7.13.x

Affected Versions QNAP Systems Inc. Qfinder Pro Mac 7.13.x
QNAP Systems Inc. Qsync for Mac 5.1.x
QNAP Systems Inc. QVPN Device Client for Mac 2.2.x

CWE Classification

CWE-22 CWE-59 CWE-367

References

www.qnap.com /en/security-advisory/qsa-25-55

{
    "lastseen": "",
    "description": "A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following versions:\nQfinder Pro Mac 7.13.0 and later\nQsync for Mac 5.1.5 and later\nQVPN Device Client for Mac 2.2.8 and later",
    "published": "2026-01-02T15:18:26.356Z",
    "modified": "2026-01-02T15:18:26.356Z",
    "type": "cve",
    "title": "Qfinder Pro, Qsync, QVPN",
    "source": "qnap",
    "references": "https://www.qnap.com/en/security-advisory/qsa-25-55",
    "id": "CVE-2025-53594",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22",
        "CWE-59",
        "CWE-367"
    ],
    "cvelist": null,
    "sourceData": "QNAP Systems Inc. Qfinder Pro Mac 7.13.x\nQNAP Systems Inc. Qsync for Mac 5.1.x\nQNAP Systems Inc. QVPN Device Client for Mac 2.2.x",
    "sourceHref": "",
    "cvss": {
        "score": 4.4,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Qfinder Pro Mac",
    "version": "7.13.x",
    "vendor": "QNAP Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}