
=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN169
_____________________________________________________________________

DATE                : 16/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running File Station 5 versions prior
                                 to 5.5.6.5190.

=====================================================================
https://www.qnap.com/fr-fr/security-advisory/qsa-26-03
_____________________________________________________________________

Security ID : QSA-26-03
Multiple Vulnerabilities in File Station 5

    Release date : February 12, 2026

    CVE identifier : CVE-2025-54155 | CVE-2025-54161 | CVE-2025-54162 |
                     CVE-2025-54163 | CVE-2025-54169 | CVE-2025-57707 |
                     CVE-2025-57713 | CVE-2025-62853 | CVE-2025-62854 |
                     CVE-2025-62855 | CVE-2025-62856 | CVE-2025-66278 |
                     CVE-2026-22894

    Affected products: File Station 5 version 5.5.x

Severity
Important

Status
Resolved


Summary

Multiple vulnerabilities have been reported to affect File Station 5:

    CVE-2025-54155, CVE-2025-54161: Allocation of resources without
    limits or throttling vulnerability
    If a remote attacker gains access to an administrator account,
    they can then exploit the vulnerability to prevent other systems,
    applications, or processes from accessing the same type of
    resource.

    CVE-2025-54162: Path traversal vulnerability
    If a remote attacker gains access to an administrator account,
    they can then exploit the vulnerability to read the contents of
    unexpected files or system data.

    CVE-2025-62853, CVE-2025-66278, CVE-2026-22894: Path traversal
    vulnerability
    If a remote attacker gains access to a user account, they can then
    exploit the vulnerability to read the contents of unexpected files
    or system data.

    CVE-2025-62855, CVE-2025-62856: Path traversal vulnerability
    If a local attacker gains an administrator account, they can then
    exploit the vulnerability to read the contents of unexpected files
    or system data.

    CVE-2025-54163: NULL pointer dereference vulnerability
    If a remote attacker gains access to an administrator account,
    they can then exploit the vulnerability to launch a
    denial-of-service (DoS) attack.

    CVE-2025-54169: Out-of-bounds read vulnerability
    If a remote attacker gains access to a user account, they can then
    exploit the vulnerability to obtain secret data.

    CVE-2025-57707: Improper neutralization of directives in
    statically saved code (static code injection) vulnerability
    If a remote attacker gains access to a user account, they can then
    exploit the vulnerability to access restricted data or files.

    CVE-2025-57713: Weak authentication vulnerability
    If exploited, remote attackers can gain sensitive information.

    CVE-2025-62854: Uncontrolled resource consumption vulnerability
    If a remote attacker gains a user account, they can then exploit
    the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerabilities in the following version:

    Affected Product                Fixed Version
    File Station 5 version 5.5.x    File Station 5 version 5.5.6.5190 and later

Recommendation

To fix the vulnerabilities, we recommend updating File Station 5 to
the latest version.

Updating File Station 5

    1. Log on to QTS or QuTS hero as an administrator.
    2. Open App Center and then click the search icon.
       A search box appears.
    3. Type "File Station 5" and then press ENTER.
       File Station 5 appears in the search results.
    4. Click Update.
       A confirmation message appears.
       Note: The Update button is not available if your File Station 5
       is already up to date.
    5. Click OK.
       The system updates the application.
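
To decide which hosts still need the update above, the following added example (not part of the QNAP or CERT-Renater text) compares File Station 5 version strings against the fixed version 5.5.6.5190 numerically, so that 5.5.10.x is not mistaken for older than 5.5.6.x. The inventory, hostnames and status labels are assumptions constructed for illustration.

```python
# Added example: triage File Station 5 versions against the fixed release.
FIXED = (5, 5, 6, 5190)    # "5.5.6.5190 and later" per the advisory
AFFECTED_BRANCH = (5, 5)   # advisory scope: File Station 5 version 5.5.x

def parse_version(text):
    """Turn '5.5.6.5190' into (5, 5, 6, 5190); ValueError if not numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'fixed', 'vulnerable', 'not-covered' or 'unknown'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"          # unparsable: needs manual review
    if version[:2] != AFFECTED_BRANCH:
        return "not-covered"      # the advisory only speaks about 5.5.x
    # Pad short versions ('5.5.5') so tuples compare component by component.
    version += (0,) * (len(FIXED) - len(version))
    return "fixed" if version >= FIXED else "vulnerable"

def triage(inventory):
    """Map each host to its status; inventory is (host, version) pairs."""
    return {host: classify(version) for host, version in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("nas-01", "5.5.6.5190"),
    ("nas-02", "5.5.6.5189"),
    ("nas-03", "5.5.10.100"),   # string comparison would call this older
    ("nas-04", "5.5.5"),
    ("nas-05", "5.4.9.1"),
    ("nas-06", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```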

  

Attachment

    CVE-2025-54161.json
    CVE-2025-54162.json
    CVE-2025-54163.json
    CVE-2025-54169.json
    CVE-2025-57707.json
    CVE-2025-57713.json


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




