Skip to main content

File Station CVE-2025-54162

MEDIUM
Path Traversal (CWE-22)
2026-02-11 security@qnapsecurity.com.tw
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 11, 2026 - 13:15 nvd
MEDIUM 4.9

DescriptionCVE.org

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later

AnalysisAI

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM]

Technical ContextAI

Classified as CWE-22 (Path Traversal). Affects File Station. A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later

RemediationAI

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.

CVE-2025-33031 HIGH
8.8 Jun 06

CVE-2025-33031 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated

CVE-2025-30279 HIGH
8.8 Jun 06

CVE-2025-30279 is an improper certificate validation vulnerability in QNAP File Station 5 that allows authenticated remo

CVE-2025-29885 HIGH
8.8 Jun 06

CVE-2025-29885 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated

CVE-2025-29884 HIGH
8.8 Jun 06

CVE-2025-29884 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent

CVE-2025-29883 HIGH
8.8 Jun 06

CVE-2025-29883 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent

CVE-2025-22486 HIGH
8.8 Jun 06

CVE-2025-22486 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated

CVE-2025-57707 HIGH
8.8 Feb 11

An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been repor

CVE-2025-29872 HIGH
7.5 Jun 06

Denial-of-service vulnerability in QNAP File Station 5 that allows an authenticated attacker to exhaust system resources

CVE-2025-29877 HIGH
7.5 Jun 06

NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de

CVE-2025-29876 HIGH
7.5 Jun 06

NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de

CVE-2025-29873 HIGH
7.5 Jun 06

NULL pointer dereference vulnerability affecting QNAP File Station 5 that allows authenticated remote attackers to trigg

CVE-2025-22490 HIGH
7.5 Jun 06

NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de

Share

CVE-2025-54162 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy