← Back

CVE-2025-58469

nvd nist
Published: Nov 7, 2025Modified: Nov 14, 2025

JSON object

Loading...
1.2
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: security@qnapsecurity.com.tw (Secondary)

Description

A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.927 ( 2025/09/17 ) and later

Affected (1)

Products: Qnap: Qulog Center
Qnap
1 product
Qulog Center
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Qulog Center
From 1.8.0.872 to 1.8.2.923

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

Source: security@qnapsecurity.com.tw
Vendor Advisory

Timeline

No history available yet.