CVE-2025-29901

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later

CVSS

No CVSS.

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-25-31

Configurations

No configuration.

History

26 Aug 2025, 13:41

Type	Values Removed	Values Added
Summary		(es) Se ha informado de una vulnerabilidad de desreferencia de puntero nulo que afecta a File Station 5. Si un atacante remoto obtiene una cuenta de usuario, puede explotar la vulnerabilidad para lanzar un ataque de denegación de servicio (DoS). Ya hemos corregido la vulnerabilidad en la siguiente versión: File Station 5 5.5.6.4933 y posteriores.

26 Aug 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-26 10:15

Updated : 2025-08-26 13:41

NVD link : CVE-2025-29901

Mitre link : CVE-2025-29901

CVE.ORG link : CVE-2025-29901

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-29901", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@qnapsecurity.com.tw", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-26T10:15:32.803", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-31", "source": "security@qnapsecurity.com.tw"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@qnapsecurity.com.tw", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4933 and later"}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad de desreferencia de puntero nulo que afecta a File Station 5. Si un atacante remoto obtiene una cuenta de usuario, puede explotar la vulnerabilidad para lanzar un ataque de denegaci\u00f3n de servicio (DoS). Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: File Station 5 5.5.6.4933 y posteriores."}], "lastModified": "2025-08-26T13:41:58.950", "sourceIdentifier": "security@qnapsecurity.com.tw"}