CVE-2025-54162
Analyzed Analyzed - Analysis Complete
Path Traversal in File Station 5 Allows Unauthorized File Access

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: QNAP Systems, Inc.

Description
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-05-07
AI Q&A
2026-02-11
EPSS Evaluated
2026-05-05
NVD
CVE-2025-54162
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
qnap file_station From 5.5.6.4691 (inc) to 5.5.6.5190 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a path traversal issue affecting File Station 5. It allows a remote attacker who has obtained an administrator account to exploit the flaw and read the contents of files or system data that they should not normally have access to.


How can this vulnerability impact me? :

If exploited, this vulnerability can allow an attacker with administrator privileges to access sensitive or unexpected files and system data. This could lead to unauthorized disclosure of confidential information or system compromise.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade File Station 5 to version 5.5.6.5068 or later, where the issue has been fixed.

Additionally, restrict administrator account access to trusted users only, as exploitation requires an attacker to have administrator privileges.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart