CVE-2025-58463 — Relative Path Traversal in Systems INC Download Station

CWE-23 — Relative Path Traversal3 documents3 sources

Severity

2.3LOWNVD

EPSS

0.1%

top 84.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Download Station Qnap Download Station

Timeline

PublishedNov 7

Description

A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

Affected Packages2 packages

▶CVEListV5qnap_systems_inc/download_station5.10.x — 5.10.0.305 ( 2025/09/16 )+1

▶NVDqnap/download_station5.10.0.291 — 5.10.0.305+1

🔴Vulnerability Details

GHSA

GHSA-cc6p-pmxf-h4wh: A relative path traversal vulnerability has been reported to affect Download Station↗2025-11-07

▶

CVEList

Download Station↗2025-11-07

▶