Skip to main content

File Station EUVDEUVD-2025-17332

| CVE-2025-30279 HIGH
Improper Certificate Validation (CWE-295)
2025-06-06 security@qnapsecurity.com.tw
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:44 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
5.5.6.4847
EUVD ID Assigned
Mar 14, 2026 - 18:10 euvd
EUVD-2025-17332
Analysis Generated
Mar 14, 2026 - 18:10 vuln.today
CVE Published
Jun 06, 2025 - 16:15 nvd
HIGH 8.8

DescriptionCVE.org

An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system.

We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

AnalysisAI

CVE-2025-30279 is an improper certificate validation vulnerability in QNAP File Station 5 that allows authenticated remote attackers to compromise system confidentiality, integrity, and availability. Affected versions are below 5.5.6.4847; the vulnerability requires valid user credentials but no user interaction, making it a significant post-authentication attack vector with a CVSS score of 8.8 indicating high severity.

Technical ContextAI

This vulnerability stems from improper X.509 certificate validation (CWE-295), a critical flaw in SSL/TLS certificate verification mechanisms. File Station 5, a file management service on QNAP NAS systems, fails to properly validate certificates during secure communications, potentially allowing man-in-the-middle (MITM) attacks or bypass of authentication controls. The root cause involves inadequate implementation of certificate chain validation, hostname verification, or certificate pinning mechanisms. An authenticated attacker can exploit this to intercept, modify, or forge secure communications, leading to complete system compromise including unauthorized data access, modification, and service disruption.

RemediationAI

Immediate remediation requires upgrading File Station 5 to version 5.5.6.4847 or later. Organizations should: (1) Apply the vendor patch immediately to all affected QNAP NAS systems; (2) Verify patch deployment through QNAP management interfaces; (3) Review user account access logs for suspicious activities during the vulnerability window; (4) Implement network segmentation to restrict File Station access to trusted networks; (5) Monitor certificate validation errors in system logs; (6) Consider temporary service restrictions until patching is complete. No workarounds are documented; patching is the primary mitigation path. Refer to QNAP's official security advisory for detailed patch deployment procedures and rollback guidance.

CVE-2025-33031 HIGH
8.8 Jun 06

CVE-2025-33031 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated

CVE-2025-29885 HIGH
8.8 Jun 06

CVE-2025-29885 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated

CVE-2025-29884 HIGH
8.8 Jun 06

CVE-2025-29884 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent

CVE-2025-29883 HIGH
8.8 Jun 06

CVE-2025-29883 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent

CVE-2025-22486 HIGH
8.8 Jun 06

CVE-2025-22486 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated

CVE-2025-57707 HIGH
8.8 Feb 11

An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been repor

CVE-2025-29872 HIGH
7.5 Jun 06

Denial-of-service vulnerability in QNAP File Station 5 that allows an authenticated attacker to exhaust system resources

CVE-2025-29877 HIGH
7.5 Jun 06

NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de

CVE-2025-29876 HIGH
7.5 Jun 06

NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de

CVE-2025-29873 HIGH
7.5 Jun 06

NULL pointer dereference vulnerability affecting QNAP File Station 5 that allows authenticated remote attackers to trigg

CVE-2025-22490 HIGH
7.5 Jun 06

NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de

CVE-2025-57713 HIGH
7.5 Feb 11

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit th

Share

EUVD-2025-17332 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy