CVE-2025-29872
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-06-18
Assigner: QNAP Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | file_station | From 5.5.6.4691 (inc) to 5.5.6.4847 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the allocation of resources without limits or throttling in File Station 5. A remote attacker who gains a user account can exploit this flaw to consume resources excessively, preventing other systems, applications, or processes from accessing the same type of resource.
How can this vulnerability impact me? :
The vulnerability can lead to denial of service conditions by allowing an attacker to exhaust resources, which prevents legitimate systems, applications, or processes from functioning properly.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update File Station 5 to version 5.5.6.4847 or later, as the vulnerability has been fixed in these versions.