Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system.
We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
AnalysisAI
CVE-2025-22486 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated remote attackers to compromise system confidentiality, integrity, and availability. The vulnerability affects File Station 5 versions prior to 5.5.6.4791, and while it requires valid user credentials (PR:L in CVSS), the lack of user interaction requirement (UI:N) and network accessibility (AV:N) make it a high-severity threat in multi-user environments. No confirmed KEV or active exploitation data is available at this time, but the high CVSS score of 8.8 and the nature of certificate validation bypass attacks warrant immediate patching.
Technical ContextAI
This vulnerability stems from CWE-295 (Improper Certificate Validation), a fundamental cryptographic control failure where the application fails to properly validate X.509 certificates during TLS/SSL connections. In the context of File Station 5, this likely affects SMB/CIFS protocol handling or inter-service communication where certificate pinning or hostname validation is inadequately enforced. The affected product is Synology File Station (CPE pattern: cpe:2.3:a:synology:file_station:*), a NAS management application. The root cause is insufficient verification of certificate chain integrity, issuer authenticity, or domain name matching, allowing man-in-the-middle (MITM) attacks or connection spoofing to trusted backend services. This is a protocol-level vulnerability affecting the TLS handshake validation logic.
RemediationAI
- action: Immediate Patching; details: Upgrade File Station 5 to version 5.5.6.4791 or later. This patch addresses the improper certificate validation flaw.; priority: CRITICAL
- action: Access Control Review; details: Audit user accounts with File Station access to ensure only necessary users have credentials. Disable unused accounts to reduce attack surface, as the vulnerability requires PR:L (authenticated access).
- action: Network Segmentation; details: Restrict File Station access to trusted networks or implement VPN-based access. Reduce internal network exposure where MITM attacks exploiting certificate validation bypass could succeed.
- action: Monitor for Suspicious Activity; details: Enable File Station and DSM audit logging to detect anomalous data access or system configuration changes that might indicate post-authentication compromise.
- action: Vendor Advisory; details: Check Synology Security Advisory for official patch details and deployment guidance. Synology typically provides patches through DSM Package Manager or manual package downloads.
More in File Station
View allCVE-2025-33031 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated
CVE-2025-30279 is an improper certificate validation vulnerability in QNAP File Station 5 that allows authenticated remo
CVE-2025-29885 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated
CVE-2025-29884 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent
CVE-2025-29883 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authent
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been repor
Denial-of-service vulnerability in QNAP File Station 5 that allows an authenticated attacker to exhaust system resources
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
NULL pointer dereference vulnerability affecting QNAP File Station 5 that allows authenticated remote attackers to trigg
NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a de
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit th
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17343