CVE-2025-58469
Last modified
CVE-2025-58469 is a low-severity vulnerability rated 1.2/10 on the CVSS scale. A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.927 ( 2025/09/17 ) and later. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.927 ( 2025/09/17 ) and later
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Qulog Center | >= 1.8.0.872, < 1.8.2.923 |
References
- https://www.qnap.com/en/security-advisory/qsa-25-42Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-58469?
How severe is CVE-2025-58469?
How do I fix CVE-2025-58469?
Are you affected by CVE-2025-58469?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST