What is the CVSS score of CVE-2025-57707?

CVE-2025-57707 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of File Station are affected by CVE-2025-57707?

CVE-2025-57707 is a critical vulnerability in File Station 5 that allows authenticated attackers to bypass access controls and access restricted data through static code injection.

How to fix or mitigate CVE-2025-57707?

Within 24 hours: Identify all File Station 5 deployments and audit active user accounts for suspicious access patterns. Within 7 days: Implement network segmentation to restrict File Station access to authorized personnel only, enforce multi-factor authentication for all File Station accounts, and disable remote access where operationally feasible. Within 30 days: Prepare for vendor patch deployment, conduct full access logs review for unauthorized file access, and consider migration to alternative solutions if patch timeline is unacceptable.

File Station CVE-2025-57707

HIGH

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') (CWE-96)

2026-02-11 security@qnapsecurity.com.tw

Code Injection File Station

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 11, 2026 - 13:15 nvd

HIGH 8.8

DescriptionNVD

An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files.

We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later

AnalysisAI

Technical ContextAI

Affects File Station. An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files.

We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-57707 vulnerability details – vuln.today

Back

File Station CVE-2025-57707

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code