File Station
CVE-2025-53409
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
AnalysisAI
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later Affected products include: Qnap File Station.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set resource limits, implement rate limiting, validate input sizes.
More in File Station
View allCVE-2025-33031 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated
CVE-2025-30279 is an improper certificate validation vulnerability in QNAP File Station 5 that allows authenticated remo
CVE-2025-29885 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated
CVE-2025-29884 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent
CVE-2025-29883 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent
CVE-2025-22486 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been repor
Denial-of-service vulnerability in QNAP File Station 5 that allows an authenticated attacker to exhaust system resources
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
NULL pointer dereference vulnerability affecting QNAP File Station 5 that allows authenticated remote attackers to trigg
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today