Which versions of File Station are affected by CVE-2024-48864?

Organizations using A files or directories accessible to external parties vulnerability should be aware of moderate risk from CVE-2024-48864, a file access vulnerability rated CVSS 5.3.

How to fix or mitigate CVE-2024-48864?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

File Station CVE-2024-48864

Q: What is the CVSS score of CVE-2024-48864?

CVE-2024-48864 has a CVSS 4.0 base score of 5.3 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

MEDIUM

Files or Directories Accessible to External Parties (CWE-552)

2025-03-07 security@qnapsecurity.com.tw

Information Disclosure Path Traversal File Station

5.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:30 vuln.today

CVE Published

Mar 07, 2025 - 17:15 nvd

MEDIUM 5.3

DescriptionNVD

A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories.

We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4741 and later

AnalysisAI

A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-552. A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4741 and later Affected products include: Qnap File Station.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-48864 vulnerability details – vuln.today

Back

File Station CVE-2024-48864

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

File Station CVE-2024-48864

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code