
=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN548
_____________________________________________________________________

DATE                : 26/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running QNAP File Station 5 versions prior
                                    to 5.5.6.4933.

=====================================================================
https://www.qnap.com/go/security-advisory/qsa-25-31
_____________________________________________________________________


Security ID : QSA-25-31
Multiple Vulnerabilities in File Station 5

    Release date : August 26, 2025

    CVE identifier : CVE-2025-29901 | CVE-2025-47206

    Affected products: File Station 5 version 5.5.x

Severity
Moderate

Status
Resolved


Summary

Multiple vulnerabilities have been reported to affect File Station 5:

    CVE-2025-29901: NULL pointer dereference vulnerability. If a remote
attacker gains access to a user account, they can then exploit the
vulnerability to launch a denial-of-service (DoS) attack.

    CVE-2025-47206: Out of bounds write vulnerability. If a remote
attacker gains access to a user account, they can then exploit the
vulnerability to modify or corrupt memory.
  

We have already fixed the vulnerabilities in the following version:


Affected Product                Fixed Version
File Station 5 version 5.5.x    File Station 5 version 5.5.6.4933 and later


Recommendation

To fix the vulnerabilities, we recommend updating File Station 5 to
the latest version.

Updating File Station 5

    Log on to QTS or QuTS hero as an administrator.
    Open App Center and then click .
    A search box appears.
    Type "File Station 5" and then press ENTER.
    File Station 5 appears in the search results.
    Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your File Station 5
is already up to date.
    Click OK.
    The system updates the application.
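
To confirm which hosts still run a build older than the fixed version 5.5.6.4933, the following added example (not part of the QNAP advisory) classifies an inventory of File Station 5 versions. The `host,version` inventory format, the host names and the sample build numbers are constructed assumptions.

```python
import re

FIXED = (5, 5, 6, 4933)     # first fixed build, taken from the advisory
AFFECTED_BRANCH = (5, 5)    # advisory scope: File Station 5 version 5.5.x

_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+){1,3})\s*$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # A missing build number is padded with 0, so it sorts as older (conservative).
    return tuple(parts + [0] * (4 - len(parts)))

def classify(version_text):
    v = parse_version(version_text)
    if v is None:
        return "unknown"            # needs a manual check
    if v[:2] != AFFECTED_BRANCH:
        return "out-of-scope"       # branch not covered by this advisory
    # Tuple comparison is numeric: 5.5.10.x sorts after 5.5.6.x,
    # which a plain string comparison would get wrong.
    return "affected" if v < FIXED else "fixed"

def triage(inventory_text):
    """Map each host in 'host,version' lines to its classification."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results

# Constructed sample inventory (hosts and build numbers are illustrative).
SAMPLE_INVENTORY = """\
# host,file_station_version
nas-01,5.5.6.4847
nas-02,5.5.6.4933
nas-03,5.5.10.5001
nas-04,5.5.6
nas-05,5.4.2.1100
nas-06,not installed
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
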

  

Attachment

    CVE-2025-29901.json
    CVE-2025-47206.json


Acknowledgements: coral


Revision History:
V1.0 (August 26, 2025) - Published


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
