CVE-2025-57707
published 2026-02-11CVE-2025-57707: An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a…
low1.1CVSS 4.0
AVNACLATNPRLUIAVCNVILVANSCNSINSANEUCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5166 and later
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | file_station | >= 5.5.6.4691 < 5.5.6.5190 | 5.5.6.5190 |
| qnap_systems_inc | file_station_5 | >= 5.5.x < 5.5.6.5166 | 5.5.6.5166 |