CVE-2025-29872: File Station 5
Description
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.4847 and later
Classification
CVE ID: CVE-2025-29872
CVSS Base Severity: HIGH
CVSS Base Score: 7.1
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Problem Types
CWE-770Affected Products
Vendor: QNAP Systems Inc.
Product: File Station 5
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.08% (probability of being exploited)
EPSS Percentile: 25.07% (scored less or equal to compared to others)
EPSS Date: 2025-06-27 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-29872https://www.qnap.com/en/security-advisory/qsa-25-16