Qnap Systems Inc. File Station 5 vulnerabilities
49 known vulnerabilities affecting qnap_systems_inc./file_station_5.
Total CVEs
49
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH15MEDIUM18LOW16
Vulnerabilities
Page 1 of 3
CVE-2025-54169MEDIUMCVSS 4.9≥ 5.5.x, < 5.5.6.50682026-02-11
CVE-2025-54169 [MEDIUM] CWE-125 CVE-2025-54169: An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5068 and later
cvelistv5nvd
CVE-2025-54162MEDIUMCVSS 4.8≥ 5.5.x, < 5.5.6.50682026-02-11
CVE-2025-54162 [MEDIUM] CWE-22 CVE-2025-54162: A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gain
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5068 and later
cvelistv5nvd
CVE-2025-62853MEDIUMCVSS 5.2≥ 5.5.x, < 5.5.6.51662026-02-11
CVE-2025-62853 [MEDIUM] CWE-22 CVE-2025-62853: A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gain
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5166 and later
cvelistv5nvd
CVE-2025-62854LOWCVSS 1.3≥ 5.5.x, < 5.5.6.51902026-02-11
CVE-2025-62854 [LOW] CWE-400 CVE-2025-62854: An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a
An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5190 and later
cvelistv5nvd
CVE-2026-22894LOWCVSS 1.3≥ 5.5.x, < 5.5.6.51902026-02-11
CVE-2026-22894 [LOW] CWE-22 CVE-2026-22894: A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gain
A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5190 and later
cvelistv5nvd
CVE-2025-57707LOWCVSS 1.1≥ 5.5.x, < 5.5.6.51662026-02-11
CVE-2025-57707 [LOW] CWE-96 CVE-2025-57707: An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerab
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6
cvelistv5nvd
CVE-2025-66278LOWCVSS 1.3≥ 5.5.x, < 5.5.6.51902026-02-11
CVE-2025-66278 [LOW] CWE-22 CVE-2025-66278: A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gain
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5190 and later
cvelistv5nvd
CVE-2025-57713LOWCVSS 1.3≥ 5.5.x, < 5.5.6.51662026-02-11
CVE-2025-57713 [LOW] CWE-1390 CVE-2025-57713: A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5166 and later
cvelistv5nvd
CVE-2025-62855LOWCVSS 1.3≥ 5.5.x, < 5.5.6.51902026-02-11
CVE-2025-62855 [LOW] CWE-22 CVE-2025-62855: A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5190 and later
cvelistv5nvd
CVE-2025-54155LOWCVSS 3.6≥ 5.5.x, < 5.5.6.50182026-02-11
CVE-2025-54155 [LOW] CWE-770 CVE-2025-54155: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the foll
cvelistv5nvd
CVE-2025-54163LOWCVSS 1.2≥ 5.5.x, < 5.5.6.51662026-02-11
CVE-2025-54163 [LOW] CWE-476 CVE-2025-54163: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5166 and later
cvelistv5nvd
CVE-2025-54161LOWCVSS 3.6≥ 5.5.x, < 5.5.6.50682026-02-11
CVE-2025-54161 [LOW] CWE-770 CVE-2025-54161: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the foll
cvelistv5nvd
CVE-2025-62856LOWCVSS 1.3≥ 5.5.x, < 5.5.6.51902026-02-11
CVE-2025-62856 [LOW] CWE-22 CVE-2025-62856: A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5190 and later
cvelistv5nvd
CVE-2025-47207MEDIUMCVSS 5.3≥ 5.5.x, < 5.5.6.50182025-11-07
CVE-2025-47207 [MEDIUM] CWE-476 CVE-2025-47207: A NULL pointer dereference vulnerability has been reported to affect several product versions. If a
A NULL pointer dereference vulnerability has been reported to affect several product versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5018 and later
cvelistv5nvd
CVE-2025-53413MEDIUMCVSS 4.9≥ 5.5.x, < 5.5.6.50182025-11-07
CVE-2025-53413 [MEDIUM] CWE-770 CVE-2025-53413: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following v
cvelistv5nvd
CVE-2025-53410MEDIUMCVSS 4.9≥ 5.5.x, < 5.5.6.50182025-11-07
CVE-2025-53410 [MEDIUM] CWE-770 CVE-2025-53410: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following v
cvelistv5nvd
CVE-2025-53409MEDIUMCVSS 4.9≥ 5.5.x, < 5.5.6.50182025-11-07
CVE-2025-53409 [MEDIUM] CWE-770 CVE-2025-53409: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following v
cvelistv5nvd
CVE-2025-52865LOWCVSS 1.3≥ 5.5.x, < 5.5.6.50182025-11-07
CVE-2025-52865 [LOW] CWE-476 CVE-2025-52865: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5018 and later
cvelistv5nvd
CVE-2025-53412LOWCVSS 0.6≥ 5.5.x, < 5.5.6.50182025-11-07
CVE-2025-53412 [LOW] CWE-476 CVE-2025-53412: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5018 and later
cvelistv5nvd
CVE-2025-53408LOWCVSS 1.3≥ 5.5.x, < 5.5.6.50182025-11-07
CVE-2025-53408 [LOW] CWE-476 CVE-2025-53408: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5018 and later
cvelistv5nvd
1 / 3Next →