Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Analysis
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Technical ContextAI
An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Read (CWE-125).
RemediationAI
Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.
More in File Station
View allCVE-2025-33031 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated
CVE-2025-30279 is an improper certificate validation vulnerability in QNAP File Station 5 that allows authenticated remo
CVE-2025-29885 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated
CVE-2025-29884 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent
CVE-2025-29883 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent
CVE-2025-22486 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been repor
Denial-of-service vulnerability in QNAP File Station 5 that allows an authenticated attacker to exhaust system resources
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
NULL pointer dereference vulnerability affecting QNAP File Station 5 that allows authenticated remote attackers to trigg
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17337