PT-2025-10107 · Qnap · Qfinder Pro Mac+2

Mykola Grymalyuk

Published

2025-03-07

Updated

2025-03-08

CVE-2024-53694

CVSS v4.0

8.6

High

Vector

AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions QVPN Device Client for Mac versions prior to 2.2.5 Qsync for Mac versions prior to 5.1.3 Qfinder Pro Mac versions prior to 7.11.1

Description A time-of-check time-of-use (TOCTOU) race condition issue has been reported, which could allow local attackers with user access to gain unauthorized access to resources.

Recommendations For QVPN Device Client for Mac versions prior to 2.2.5, update to version 2.2.5 or later. For Qsync for Mac versions prior to 5.1.3, update to version 5.1.3 or later. For Qfinder Pro Mac versions prior to 7.11.1, update to version 7.11.1 or later.

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

CVE-2024-53694

Affected Products

Qvpn Device Client For Mac

Qfinder Pro Mac

Qsync For Mac

PT-2025-10107 · Qnap · Qfinder Pro Mac+2

CVE-2024-53694

Weakness Enumeration

Related Identifiers

Affected Products

References · 6