Qnap File Station 5: Two high-risk vulnerabilities fixed

Qnap warns of two high-risk vulnerabilities in File Station 5. An update to fix them has been available for some time.

Qnap has discovered and closed two security vulnerabilities in the NAS web interface File Station 5. Attackers can modify storage areas or paralyze the devices with denial-of-service attacks.

In a security advisory, Qnap explains that one vulnerability is a NULL pointer dereference (an amusing typo at Qnap: "deference"); attackers who gain access to a user account on the Qnap system can abuse it for a denial of service. Vulnerabilities of this type usually lead to a crash: the program code expects a valid pointer but is handed one that points to NULL, and accessing it reaches undefined memory (CVE-2025-29901 / EUVD-2025-25777, CVSS4 7.1, risk "high").

The second vulnerability, by contrast, allows attackers to write outside the intended memory areas and thus corrupt or deliberately modify memory. Qnap does not say so explicitly, but this often allows (malicious) program code to be placed in memory. However, attackers must first gain access to a Qnap account (CVE-2025-47206 / EUVD-2025-25778, CVSS4 7.1, risk "high").

In the security advisory, Qnap classifies the vulnerabilities as "moderate", although the assessment according to the CVSS standard indicates a high risk. Anyone using the "File Explorer" File Station 5 or 5.5 should nevertheless install the updated firmware as soon as possible. Qnap says it has fixed the bugs in File Station 5 version 5.5.6.4933 and newer. As usual, the update has been available for some time; the manufacturer is only now disclosing that it closes security gaps.
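For administrators with several devices, the fixed build named above can be checked across an inventory. The following is an added example, not code from Qnap or from this article: it assumes File Station versions are reported as four dot-separated numbers, the inventory lines are constructed, and how the version strings are collected is left open.

```python
# Added example: triage a File Station inventory against the fixed build.
from typing import NamedTuple, Optional

FIXED = (5, 5, 6, 4933)  # File Station 5 build the article names as fixed


class Finding(NamedTuple):
    host: str
    version: str
    status: str  # patched | needs-update | out-of-scope | unparseable


def parse_version(text: str) -> Optional[tuple]:
    """Return (a, b, c, d) as ints, or None if the string is malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text: str) -> str:
    v = parse_version(version_text)
    if v is None:
        return "unparseable"      # needs a manual look, never assume patched
    if v[0] < 5:
        return "out-of-scope"     # the article only covers File Station 5 / 5.5
    # Numeric tuple comparison: 5.5.10.x sorts after 5.5.6.x, unlike strings.
    return "patched" if v >= FIXED else "needs-update"


def triage(inventory_text: str) -> list:
    findings = []
    for line in inventory_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        host, _, version = line.partition(",")
        findings.append(Finding(host.strip(), version.strip(), classify(version)))
    return findings


# Constructed sample inventory: host,file_station_version
SAMPLE_INVENTORY = """\
nas-office,5.5.6.4933
nas-backup,5.5.6.4847
nas-lab,5.5.10.5001
nas-old,5.4.2.3120
nas-legacy,4.2.1.0
nas-unknown,n/a
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.host:12} {f.version:12} {f.status}")
```

Hosts reported as `unparseable` or `out-of-scope` are not covered by the comparison and should be checked by hand.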

Security vulnerabilities in Qnap's network storage devices were also discovered at the end of last year. Attackers were able to abuse them to inject their own commands and compromise devices.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.