QNAP Security Advisory on Multiple Resolved Vulnerabilities in File Station 5
The firm recommend updating File Station 5 NAS App to latest version
This is a Press Release edited by StorageNewsletter.com on August 29, 2025 at 2:01 pmQnap Systems, Inc. had published a security advisory concerning resolved vulnerabilities in File Station 5 App for its NAS.
Release date: August 26, 2025
CVE identifier: CVE-2025-29901 | CVE-2025-47206
Affected products: File Station 5 version 5.5.x
Severity: Moderate
Status: Resolved
Summary
Multiple vulnerabilies have been reported to affect File Station 5:
- CVE-2025-29901: NULL pointer deference vulnerability. If a remote attacker gains access to a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
- CVE-2025-47206: Out of bounds write vulnerability. If a remote attacker gains access to a user account, they can then exploit the vulnerability to modify or corrupt memory.
The company have already fixed the vulnerabilities in following version:
|
Affected Product |
Fixed Version |
|
File Station 5 version 5.5.x |
File Station 5 version 5.5.6.4933 and later |
Recommendation
To fix the vulnerabilities, the firm recommend updating File Station 5 to the latest version.
Updating File Station 5
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
- A search box appears.
- Type ‘File Station 5’ and then press ENTER.
File Station 5 appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your File Station 5 is already up to date. - Click OK.
The system updates the application.
Attachment
Acknowledgements: Coral
Revision History:
V1.0 (August 26, 2025) – Published
Subscribe to our free daily newsletter
