关键信息 Security ID: QSA-25-40 Title: Vulnerability in Notification Center Release Date: November 8, 2025 CVE Identifier: CVE-2025-54167 Affected Products: Notification Center 1.9.x, 2.1.x, 3.0.x Severity: Moderate Status: Resolved Summary Vulnerability Type: Cross-site scripting (XSS) Impact: Remote attackers can exploit this vulnerability if they gain access to an administrator account to bypass security mechanisms or read application data. Fixed Versions: - Notification Center 1.9.2.3163 and later - Notification Center 2.1.0.3443 and later - Notification Center 3.0.0.3466 and later Recommendation Update Notification Center to the latest version. Updating Notification Center 1. Log on to QTS or QuTS hero as an administrator. 2. Open App Center and search for "Notification Center". 3. Click Update. 4. Click OK. Attachment CVE-2025-54167.json Acknowledgements Mohammad Abdullah - Infosec Researcher & Bugbounty hunter Revision History V1.0 (November 8, 2025) - Published