NULL Pointer Dereference Vulnerability in File Station by QNAP
CVE-2025-29888

5.3MEDIUM

Key Information:

Vendor

QNAP
Status
File Station 5
Vendor
CVE Published:
29 August 2025

What is CVE-2025-29888?

A NULL pointer dereference vulnerability exists in File Station 5 that can be exploited by remote attackers with user accounts to execute denial-of-service (DoS) attacks. Prompt remediation by upgrading to File Station 5 version 5.5.6.4907 or later is essential to mitigate this risk.

Affected Version(s)

File Station 5 5.5.x < 5.5.6.4907

References

https://www.qnap.com/en/security-advisory/qsa-25-19

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

coral
.