CVE-2025-58464 | THREATINT

Description

A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QuMagie 2.7.3 and later

PUBLISHED Reserved 2025-09-03 | Published 2025-11-07 | Updated 2025-11-07 | Assigner qnap

HIGH: 7.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

Problem types

CWE-23

Product status

Default status

unaffected

2.7.x (custom) before 2.7.3

affected

Credits

Tim Coen finder

References

www.qnap.com/en/security-advisory/qsa-25-43

cve.org (CVE-2025-58464)

nvd.nist.gov (CVE-2025-58464)

Download JSON