PT-2025-35254 · Qnap · Qnap License Center

Milan Solanki

Published

2025-08-29

Updated

2025-08-29

CVE-2025-22483

Report an issue

CVSS v4.0

7.1

Vector

AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions:

QNAP License Center versions prior to 1.8.51

QNAP License Center versions prior to 1.9.51

Description:

A cross-site scripting (XSS) vulnerability affects QNAP operating system versions. A remote attacker gaining an administrator account can exploit this issue to bypass security mechanisms or read application data.

Recommendations:

Update QNAP License Center to version 1.8.51 or later.

Update QNAP License Center to version 1.9.51 or later.

Fix

XSS

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-22483

Affected Products

Qnap License Center

PT-2025-35254 · Qnap · Qnap License Center

Weakness Enumeration

Related Identifiers

Affected Products

References · 3