Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN776
_____________________________________________________________________

DATE                : 10/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running QuMagie versions prior to
                                   2.7.3.

=====================================================================
https://www.qnap.com/en/security-advisory/qsa-25-33
https://www.qnap.com/en/security-advisory/qsa-25-43
_____________________________________________________________________


Security ID : QSA-25-33
Vulnerability in QuMagie

    Release date : November 8, 2025

    CVE identifier : CVE-2025-52425

    Affected products: QuMagie 2.6.x

Severity
Critical

Status
Resolved
Summary

An SQL injection vulnerability has been reported to affect QuMagie. A
remote attacker can exploit the vulnerability to execute unauthorized
code or commands.
  

We have already fixed the vulnerability in the following version:


Affected Product 	Fixed Version
QuMagie 2.6.x 	QuMagie 2.7.0 and later


Recommendation

To fix the vulnerability, we recommend updating QuMagie to the latest
version.


Updating QuMagie

    Log on to QTS or QuTS hero as an administrator.
    Open App Center and then click .
    A search box appears.
    Type "QuMagie" and then press ENTER.
    QuMagie appears in the search results.
    Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your QuMagie is already
up to date.
    Click OK.
    The system updates the application.


Attachment

    CVE-2025-52425.json


Acknowledgements: Long Hà

Revision History:
V1.0 (November 8, 2025) - Published

_____________________________________________________________________



Security ID : QSA-25-43
Vulnerability in QuMagie

    Release date : November 8, 2025

    CVE identifier : CVE-2025-58464

    Affected products: QuMagie 2.7.x

Severity
Important

Status
Resolved


Summary

A relative path traversal vulnerability has been reported to affect
QuMagie. If exploited, a remote attacker can read the contents of
unexpected files or system data.
  

We have already fixed the vulnerability in the following version:

Affected Product 	Fixed Version
QuMagie 2.7.x 	QuMagie 2.7.3 and later


Recommendation

To fix the vulnerability, we recommend updating QuMagie to the
latest version.


Updating QuMagie

    Log on to QTS or QuTS hero as an administrator.
    Open App Center and then click .
    A search box appears.
    Type "QuMagie" and then press ENTER.
    QuMagie appears in the search results.
    Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your QuMagie
is already up to date.
    Click OK.
    The system updates the application.


Attachment

    CVE-2025-58464.json


Acknowledgements: Tim Coen

Revision History:
V1.0 (November 8, 2025) - Published


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================