Qnap File Station vulnerabilities

CVE-2025-33035 [HIGH] CWE-22 CVE-2025-33035: A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gai A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

CVE-2025-29884 [HIGH] CWE-295 CVE-2025-29884: An improper certificate validation vulnerability has been reported to affect File Station 5. If expl An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later

CVE-2025-29877 [MEDIUM] CWE-476 CVE-2025-29877: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote at A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

CVE-2025-22490 [MEDIUM] CWE-476 CVE-2025-22490: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote at A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

CVE-2025-29876 [MEDIUM] CWE-476 CVE-2025-29876: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote at A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

CVE-2025-29873 [MEDIUM] CWE-476 CVE-2025-29873: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote at A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

CVE-2025-29871 [LOW] CWE-125 CVE-2025-29871: An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

CVE-2024-48864 [MEDIUM] CWE-552 CVE-2024-48864: A files or directories accessible to external parties vulnerability has been reported to affect File A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4741 and later