Qnap File Station vulnerabilities

48 known vulnerabilities affecting qnap/file_station.

Total CVEs
48
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH14MEDIUM18LOW16

Vulnerabilities

Page 1 of 3
CVE-2025-54162MEDIUMCVSS 4.8≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-54162 [MEDIUM] CWE-22 CVE-2025-54162: A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gain A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later
nvd
CVE-2025-54169MEDIUMCVSS 4.9≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-54169 [MEDIUM] CWE-125 CVE-2025-54169: An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later
nvd
CVE-2025-62853MEDIUMCVSS 5.2≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-62853 [MEDIUM] CWE-22 CVE-2025-62853: A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gain A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later
nvd
CVE-2025-62854LOWCVSS 1.3≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-62854 [LOW] CWE-400 CVE-2025-62854: An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
nvd
CVE-2025-66278LOWCVSS 1.3≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-66278 [LOW] CWE-22 CVE-2025-66278: A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gain A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
nvd
CVE-2025-57713LOWCVSS 1.3≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-57713 [LOW] CWE-1390 CVE-2025-57713: A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later
nvd
CVE-2025-62855LOWCVSS 1.3≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-62855 [LOW] CWE-22 CVE-2025-62855: A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
nvd
CVE-2025-57707LOWCVSS 1.1≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-57707 [LOW] CWE-96 CVE-2025-57707: An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerab An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the vulnerability in the following version: File Station 5 5.5.6
nvd
CVE-2026-22894LOWCVSS 1.3≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2026-22894 [LOW] CWE-22 CVE-2026-22894: A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gain A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
nvd
CVE-2025-54155LOWCVSS 3.6≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-54155 [LOW] CWE-770 CVE-2025-54155: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the foll
nvd
CVE-2025-54161LOWCVSS 3.6≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-54161 [LOW] CWE-770 CVE-2025-54161: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the foll
nvd
CVE-2025-62856LOWCVSS 1.3≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-62856 [LOW] CWE-22 CVE-2025-62856: A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
nvd
CVE-2025-54163LOWCVSS 1.2≥ 5.5.6.4691, < 5.5.6.51902026-02-11
CVE-2025-54163 [LOW] CWE-476 CVE-2025-54163: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later
nvd
CVE-2025-53410MEDIUMCVSS 4.9≥ 5.5.6.4691, < 5.5.6.50182025-11-07
CVE-2025-53410 [MEDIUM] CWE-770 CVE-2025-53410: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following v
nvd
CVE-2025-53409MEDIUMCVSS 4.9≥ 5.5.6.4691, < 5.5.6.50182025-11-07
CVE-2025-53409 [MEDIUM] CWE-770 CVE-2025-53409: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following v
nvd
CVE-2025-47207MEDIUMCVSS 5.3≥ 5.5.6.4691, < 5.5.6.50182025-11-07
CVE-2025-47207 [MEDIUM] CWE-476 CVE-2025-47207: A NULL pointer dereference vulnerability has been reported to affect several product versions. If a A NULL pointer dereference vulnerability has been reported to affect several product versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
nvd
CVE-2025-53413MEDIUMCVSS 4.9≥ 5.5.6.4691, < 5.5.6.50182025-11-07
CVE-2025-53413 [MEDIUM] CWE-770 CVE-2025-53413: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following v
nvd
CVE-2025-52865LOWCVSS 1.3≥ 5.5.6.4691, < 5.5.6.50182025-11-07
CVE-2025-52865 [LOW] CWE-476 CVE-2025-52865: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
nvd
CVE-2025-53408LOWCVSS 1.3≥ 5.5.6.4691, < 5.5.6.50182025-11-07
CVE-2025-53408 [LOW] CWE-476 CVE-2025-53408: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
nvd
CVE-2025-53412LOWCVSS 0.6≥ 5.5.6.4691, < 5.5.6.50182025-11-07
CVE-2025-53412 [LOW] CWE-476 CVE-2025-53412: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
nvd
1 / 3Next →