Cross-site Scripting Vulnerability in QNAP Download Station
CVE-2025-58465

2.2LOW

Key Information:

Vendor

QNAP
Status
Download Station
Vendor
CVE Published:
7 November 2025

What is CVE-2025-58465?

A cross-site scripting (XSS) vulnerability exists in QNAP's Download Station, allowing remote attackers with user account access to leverage this weakness. This could enable them to bypass established security measures or gain unauthorized access to sensitive application data. Users are urged to upgrade to fixed versions to mitigate potential risks.

Affected Version(s)

Download Station 5.10.x < 5.10.0.305 ( 2025/09/16 )

Download Station 5.10.x < 5.10.0.304 ( 2025/09/08 )

References

https://www.qnap.com/en/security-advisory/qsa-25-37

CVSS V4

Score:
2.2
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tim Coen
JSON
.
CVE-2025-58465 : Cross-site Scripting Vulnerability in QNAP Download Station