CVE-2025-53594

🗓️ 02 Jan 2026 15:18:26Reported by qnapType

Path traversal flaw in Qfinder Pro, Qsync, QVPN lets local users read file contents; fixed in Mac versions 7.13.0, 5.1.5, 2.2.8.

Reporter	Title	Published	Views	Family All 7
CNNVD	QNAP Systems多款产品安全漏洞	2 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-53594 Qfinder Pro, Qsync, QVPN	2 Jan 202615:18	–	cvelist
EUVD	EUVD-2026-0665	2 Jan 202615:18	–	euvd
NVD	CVE-2025-53594	2 Jan 202616:16	–	nvd
Positive Technologies	PT-2026-1094	2 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-53594	3 Jan 202615:54	–	redhatcve
Vulnrichment	CVE-2025-53594 Qfinder Pro, Qsync, QVPN	2 Jan 202615:18	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Qfinder Pro Mac",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "7.13.0",
        "status": "affected",
        "version": "7.13.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Qsync for Mac",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.5",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QVPN Device Client for Mac",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.2.8",
        "status": "affected",
        "version": "2.2.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-25-55

15 Apr 2026 00:35Current

6.1Medium risk

Vulners AI Score6.1

CVSS 47.3

EPSS0.00004

SSVC

path traversal Qfinder Pro Qsync QVPN Mac versions