NULL Pointer Dereference Vulnerability in QNAP File Station 5
CVE-2025-29901

7.1HIGH

Key Information:

Vendor: QNAP
Status: File Station 5
Vendor: CVE Published:; 26 August 2025

What is CVE-2025-29901?

A NULL pointer dereference vulnerability has been identified in QNAP's File Station 5. This issue permits remote attackers who have a user account to exploit the vulnerability and initiate a denial-of-service (DoS) attack. It is crucial for users to update to version 5.5.6.4933 or later to mitigate this risk. Detailed information can be found in the QNAP security advisory.

Affected Version(s)

File Station 5 5.5.x < 5.5.6.4933

References

https://www.qnap.com/en/security-advisory/qsa-25-31

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2025
Vulnerability Reserved
Mar 12, 2025

Credit

coral