Severity
High
Analysis Summary
CVE-2025-29871 CVSS:2.4
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
CVE-2025-22490 CVSS:5.3
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
CVE-2025-29873 CVSS:5.3
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
CVE-2025-29876 CVSS:5.3
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
CVE-2025-29877 CVSS:5.3
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
Impact
- Denial of Service
Indicators of Compromise
CVE
CVE-2025-22490
CVE-2025-29871
CVE-2025-29873
CVE-2025-29876
CVE-2025-29877
Affected Vendors
Affected Products
- QNAP File Station 5 version 5.5.x
Remediation
Refer to QNAP Security Advisory for patch, upgrade, or suggested workaround information.