Video Station SQLi RCE, fixed v5.8.2 (admin local)
CVE-2024-14025 Published on March 11, 2026

Video Station
An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later

NVD

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2024-14025 has been classified to as a SQL Injection vulnerability or weakness.

Products Associated with CVE-2024-14025

Want to know whenever a new CVE is published for QNAP Video Station? stack.watch will email you.

QNAP Video Station

Affected Versions

QNAP Systems Inc. Video Station:

Version 5.8.x and below 5.8.2 is affected.

Video Station SQLi RCE, fixed v5.8.2 (admin local)CVE-2024-14025 Published on March 11, 2026

Weakness Type

What is a SQL Injection Vulnerability?

Products Associated with CVE-2024-14025

Affected Versions

Video Station SQLi RCE, fixed v5.8.2 (admin local)
CVE-2024-14025 Published on March 11, 2026