Relative Path Traversal

CVE-2025-58467

Low

1.3/10

Summary

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-23 - Relative Path Traversal

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References

Advisory Timeline

Published Feb 11, 2026

Relative Path Traversal

CVE-2025-58467

Summary

CWE-23 - Relative Path Traversal

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS