Skip to main content

CVE-2025-22490: CWE-476 in QNAP Systems Inc. File Station 5

Medium
VulnerabilityCVE-2025-22490cvecve-2025-22490cwe-476
Published: Fri Jun 06 2025 (06/06/2025, 15:52:54 UTC)
Source: CVE Database V5
Vendor/Project: QNAP Systems Inc.
Product: File Station 5

Description

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

AI-Powered Analysis

AILast updated: 07/08/2025, 04:26:26 UTC

Technical Analysis

CVE-2025-22490 is a medium-severity vulnerability identified in QNAP Systems Inc.'s File Station 5, specifically affecting version 5.5.x prior to 5.5.6.4847. The vulnerability is classified as CWE-476, which corresponds to a NULL pointer dereference. This type of vulnerability occurs when the software attempts to access or dereference a pointer that has a NULL value, leading to unexpected behavior such as application crashes or denial-of-service (DoS). In this case, the flaw allows a remote attacker who has already obtained a valid user account on the affected system to exploit the vulnerability and cause a DoS condition, effectively disrupting the availability of the File Station service. The CVSS 4.0 base score is 5.3, indicating a medium level of severity. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), no privileges beyond a user account (PR:L), and no user interaction (UI:N). The impact is limited to availability (VA:L) with no impact on confidentiality or integrity. The vulnerability does not affect system confidentiality or integrity, nor does it require user interaction, making it a straightforward DoS attack once a user account is compromised. The vendor has addressed this issue in File Station 5 version 5.5.6.4847 and later, so updating to this or a newer version mitigates the risk. No known exploits are currently reported in the wild, but the presence of a valid user account is a prerequisite for exploitation, which limits the attack surface to environments where user credentials are compromised or weakly protected.

Potential Impact

For European organizations using QNAP File Station 5, this vulnerability poses a risk primarily to service availability. File Station is commonly used for file management and sharing in network-attached storage (NAS) devices, which are critical for data accessibility and business continuity. A successful DoS attack could disrupt operations, delay access to important files, and potentially impact productivity. While the vulnerability does not directly expose sensitive data or allow unauthorized data modification, the denial of service could be leveraged as part of a broader attack strategy, especially if attackers have already compromised user credentials. Organizations with weak user account management or insufficient network segmentation may be more vulnerable. The impact is more pronounced in sectors relying heavily on NAS devices for daily operations, such as small and medium enterprises, educational institutions, and public sector organizations. Given the medium severity and the requirement for prior user account access, the threat is moderate but should not be underestimated, especially in environments where credential compromise is a known risk.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize upgrading QNAP File Station 5 to version 5.5.6.4847 or later, where the issue has been fixed. Beyond patching, organizations should implement strict user account management policies, including enforcing strong, unique passwords and enabling multi-factor authentication (MFA) where supported to reduce the risk of account compromise. Network segmentation should be employed to limit access to NAS devices only to trusted internal networks or VPN users. Monitoring and logging of user activities on File Station can help detect suspicious behavior indicative of credential misuse. Additionally, organizations should conduct regular vulnerability assessments and penetration testing focused on NAS devices to identify and remediate potential weaknesses proactively. Disabling or restricting remote access to File Station where not necessary can further reduce exposure. Finally, educating users about phishing and credential security will help prevent the initial compromise required to exploit this vulnerability.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
qnap
Date Reserved
2025-01-07T06:55:33.250Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6843110571f4d251b5d0a5d0

Added to database: 6/6/2025, 4:02:13 PM

Last enriched: 7/8/2025, 4:26:26 AM

Last updated: 8/13/2025, 8:31:05 PM

Views: 15

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats