CVE-2025-57707

CWE-963 documents3 sources
Severity
1.1LOW
EPSS
0.1%
top 82.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. File Station 5Qnap File Station
Timeline
PublishedFeb 11

Description

An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDqnap/file_station5.5.6.46915.5.6.5190
CVEListV5qnap_systems_inc./file_station_55.5.x5.5.6.5166

🔴Vulnerability Details

2
CVEList
File Station 52026-02-11
GHSA
GHSA-3v9p-vgm5-cgm3: An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 52026-02-11
CVE-2025-57707 (LOW CVSS 1.1) | An improper neutralization of direc | cvebase.io