Improper Certificate Validation in QNAP File Station 5 Software
CVE-2025-22486

7.1HIGH

Key Information:

Vendor: QNAP
Status: File Station 5
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-22486?

An improper certificate validation vulnerability has been identified in QNAP's File Station 5 software, which could enable remote attackers to compromise user access if they exploit the flaw. This vulnerability emphasizes the risk in trusting certificates without adequate verification, potentially granting unauthorized access to sensitive system components.

Affected Version(s)

File Station 5 5.5.x < 5.5.6.4791

References

https://www.qnap.com/en/security-advisory/qsa-25-09

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

coral