Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
AnalysisAI
CVE-2025-33031 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated remote attackers to compromise system confidentiality, integrity, and availability. An attacker with valid user credentials can exploit insufficient SSL/TLS certificate validation to perform man-in-the-middle attacks or bypass security controls. The vulnerability has a high CVSS score of 8.8 and affects all versions of File Station 5 prior to 5.5.6.4847; patches are available from Synology.
Technical ContextAI
This vulnerability stems from CWE-295 (Improper Certificate Validation), a root cause class where applications fail to properly validate X.509 certificates during SSL/TLS handshakes. In the context of File Station 5, the affected product likely uses certificate validation for secure communications with backend services, storage systems, or client connections. The improper validation mechanism may accept self-signed certificates, expired certificates, or certificates with mismatched hostnames, allowing attackers with network access to intercept encrypted communications. File Station 5 is Synology's web-based file management solution (CPE pattern: cpe:2.3:a:synology:file_station:*). The vulnerability requires prior authentication, indicating the certificate validation flaw exists within authenticated user session handling or inter-service communication chains.
More in File Station
View allCVE-2025-30279 is an improper certificate validation vulnerability in QNAP File Station 5 that allows authenticated remo
CVE-2025-29885 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated
CVE-2025-29884 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent
CVE-2025-29883 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent
CVE-2025-22486 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been repor
Denial-of-service vulnerability in QNAP File Station 5 that allows an authenticated attacker to exhaust system resources
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
NULL pointer dereference vulnerability affecting QNAP File Station 5 that allows authenticated remote attackers to trigg
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit th
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17331