CVE-2024-53694 HIGH

CVE-2024-53694: QVPN Device Client, Qsync, Qfinder Pro

Vendor Qnap Systems Inc.
Product QVPN Device Client for Mac
Weakness CWE-367
Published March 7, 2025
Last update March 7, 2025

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources.

We have already fixed the vulnerability in the following versions:

QVPN Device Client for Mac 2.2.5 and later
Qsync for Mac 5.1.3 and later
Qfinder Pro Mac 7.11.1 and later

Key dates

02 Disclosure timeline

March 7, 2025 CVE published
March 7, 2025 Record updated