Vulnerability Details CVE-2025-22483
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
License Center 1.8.51 and later
License Center 1.9.51 and later
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.5%
CVSS Severity
CVSS v3 Score 4.8
Products affected by CVE-2025-22483
-
cpe:2.3:a:qnap:license_center:1.8.17
-
cpe:2.3:a:qnap:license_center:1.8.26
-
cpe:2.3:a:qnap:license_center:1.8.27
-
cpe:2.3:a:qnap:license_center:1.8.30
-
cpe:2.3:a:qnap:license_center:1.8.32
-
cpe:2.3:a:qnap:license_center:1.8.38
-
cpe:2.3:a:qnap:license_center:1.8.43
-
cpe:2.3:a:qnap:license_center:1.8.49
-
cpe:2.3:a:qnap:license_center:1.9.36
-
cpe:2.3:a:qnap:license_center:1.9.38
-
cpe:2.3:a:qnap:license_center:1.9.43
-
cpe:2.3:a:qnap:license_center:1.9.49