QNAP File Station
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in QNAP File Station.
By the Year
In 2026 there have been 13 vulnerabilities in QNAP File Station. Last year, in 2025 File Station had 19 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in File Station in 2026 could surpass last years number.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 13 | 0.00 |
| 2025 | 19 | 7.82 |
It may take a day or so for new File Station vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent QNAP File Station Security Vulnerabilities
OOM Resource Allocation in File Station 5 before 5.5.6.5018
CVE-2025-54155
- February 11, 2026
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Allocation of Resources Without Limits or Throttling
Resource Allocation DoS in Synology File Station 5 (Fixed 5.5.6.5068)
CVE-2025-54161
- February 11, 2026
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later
Allocation of Resources Without Limits or Throttling
File Station 5 Path Traversal CVE-2025-54162 (before 5.5.6.5068)
CVE-2025-54162
- February 11, 2026
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later
Directory traversal
File Station 5 NULL Pointer Deref DoS (Admin) Fixed in 5.5.6.5166
CVE-2025-54163
- February 11, 2026
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later
NULL Pointer Dereference
Out-of-bounds Read in Synology File Station 5 before 5.5.6.5068
CVE-2025-54169
- February 11, 2026
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later
Out-of-bounds Read
File Station 5 Static Code Injection Before 5.5.6.5166
CVE-2025-57707
- February 11, 2026
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later
Static Code Injection
Synology File Station 5 weak auth flaw (CVE-2025-57713) fixed in 5.5.6.5166
CVE-2025-57713
- February 11, 2026
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later
1390
File Station 5 Path Traversal (CVE-2025-62853) reads files (fixed 5.5.6.5166)
CVE-2025-62853
- February 11, 2026
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later
Directory traversal
Uncontrolled Resource Consumption in Synology File Station 5 (<5.5.6.5190) DoS
CVE-2025-62854
- February 11, 2026
An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
Resource Exhaustion
File Station 5 Path Traversal Fix v5.5.6.5190
CVE-2025-62855
- February 11, 2026
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
Directory traversal
File Station 5 Path Traversal <5.5.6.5190 Local Admin Can Read Files
CVE-2025-62856
- February 11, 2026
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
Directory traversal
File Station 5 path traversal allows remote file read - fixed in 5.5.6.5190
CVE-2025-66278
- February 11, 2026
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
Directory traversal
File Station Path Traversal CVE-2026-22894 Fixed in 5.5.6.5190
CVE-2026-22894
- February 11, 2026
A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
Directory traversal
File Station NULL ptr deref DoS before 5.5.6.5018
CVE-2025-47207
- November 07, 2025
A NULL pointer dereference vulnerability has been reported to affect several product versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
NULL Pointer Dereference
Synology File Station 5 NULL Pointer DoS Vulnerability (v5.5.6.5018+ Fix)
CVE-2025-52865
- November 07, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
NULL Pointer Dereference
File Station 5 Null DP DoS fixed in 5.5.6.5018
CVE-2025-53408
- November 07, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
NULL Pointer Dereference
File Station 5 Resource Allocation DoS Fixed in 5.5.6.5018
CVE-2025-53409
- November 07, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Allocation of Resources Without Limits or Throttling
File Station 5 Resource Exhaustion (CVE-2025-53410) pre5.5.6.5018
CVE-2025-53410
- November 07, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Allocation of Resources Without Limits or Throttling
Resource Exhaustion Vulnerability in File Station 5 (fixed 5.5.6.5018)
CVE-2025-53411
- November 07, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Allocation of Resources Without Limits or Throttling
NULL Pointer DoS in Synology File Station before 5.5.6.5018
CVE-2025-53412
- November 07, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
NULL Pointer Dereference
File Station 5 RCE: Unlimited Resource Allocation (fixed 5.5.6.5018)
CVE-2025-53413
- November 07, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
Allocation of Resources Without Limits or Throttling
File Station 5 XSS via User Account, Fixed in 5.5.6.5018
CVE-2025-57706
- November 07, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
XSS
File Station 5 Improper Cert Validation (before 5.5.6.4791)
CVE-2025-29883
8.8 - High
- June 06, 2025
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Improper Certificate Validation
File Station 5 OOB Read Vulnerability Fixed in 5.5.6.4847
CVE-2025-29871
5.5 - Medium
- June 06, 2025
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Out-of-bounds Read
File Station 5.0-5.5.5: Unbounded Resource Allocation (CVE-2025-29872)
CVE-2025-29872
7.5 - High
- June 06, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Allocation of Resources Without Limits or Throttling
Null Pointer Deref in Synology File Station <=5.5.6.4847 leads to DoS
CVE-2025-29873
7.5 - High
- June 06, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
NULL Pointer Dereference
File Station 5 NULL ptr deref causing DoS – fixed in 5.5.6.4847
CVE-2025-29876
7.5 - High
- June 06, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
NULL Pointer Dereference
Synology File Station 5 NULL PTR DoS before 5.5.6.4847
CVE-2025-29877
7.5 - High
- June 06, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
NULL Pointer Dereference
File Station 5 Improper Cert Validation CVE-2025-29884 – Fixed 5.5.6.4791+
CVE-2025-29884
8.8 - High
- June 06, 2025
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Improper Certificate Validation
Synology File Station Improper Cert Validation v<5.5.6.4791
CVE-2025-29885
8.8 - High
- June 06, 2025
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Improper Certificate Validation
File Station 5 Improper Cert Validation VULN (Fixed in 5.5.6.4791)
CVE-2025-22486
8.8 - High
- June 06, 2025
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Improper Certificate Validation
File Station 5 NULL Pointer DoS – Fixed 5.5.6.4847 (Remote)
CVE-2025-22490
7.5 - High
- June 06, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
NULL Pointer Dereference
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for QNAP File Station or by QNAP? Click the Watch button to subscribe.
