CVE-2025-22490 is a medium-severity vulnerability identified in QNAP Systems Inc.'s File Station 5, specifically affecting version 5.5.x prior to 5.5.6.4847. The vulnerability is classified as CWE-476, which corresponds to a NULL pointer dereference. This type of vulnerability occurs when the software attempts to access or dereference a pointer that has a NULL value, leading to unexpected behavior such as application crashes or denial-of-service (DoS). In this case, the flaw allows a remote attacker who has already obtained a valid user account on the affected system to exploit the vulnerability and cause a DoS condition, effectively disrupting the availability of the File Station service. The CVSS 4.0 base score is 5.3, indicating a medium level of severity. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), no privileges beyond a user account (PR:L), and no user interaction (UI:N). The impact is limited to availability (VA:L) with no impact on confidentiality or integrity. The vulnerability does not affect system confidentiality or integrity, nor does it require user interaction, making it a straightforward DoS attack once a user account is compromised. The vendor has addressed this issue in File Station 5 version 5.5.6.4847 and later, so updating to this or a newer version mitigates the risk. No known exploits are currently reported in the wild, but the presence of a valid user account is a prerequisite for exploitation, which limits the attack surface to environments where user credentials are compromised or weakly protected.

For European organizations using QNAP File Station 5, this vulnerability poses a risk primarily to service availability. File Station is commonly used for file management and sharing in network-attached storage (NAS) devices, which are critical for data accessibility and business continuity. A successful DoS attack could disrupt operations, delay access to important files, and potentially impact productivity. While the vulnerability does not directly expose sensitive data or allow unauthorized data modification, the denial of service could be leveraged as part of a broader attack strategy, especially if attackers have already compromised user credentials. Organizations with weak user account management or insufficient network segmentation may be more vulnerable. The impact is more pronounced in sectors relying heavily on NAS devices for daily operations, such as small and medium enterprises, educational institutions, and public sector organizations. Given the medium severity and the requirement for prior user account access, the threat is moderate but should not be underestimated, especially in environments where credential compromise is a known risk.

To mitigate this vulnerability, European organizations should prioritize upgrading QNAP File Station 5 to version 5.5.6.4847 or later, where the issue has been fixed. Beyond patching, organizations should implement strict user account management policies, including enforcing strong, unique passwords and enabling multi-factor authentication (MFA) where supported to reduce the risk of account compromise. Network segmentation should be employed to limit access to NAS devices only to trusted internal networks or VPN users. Monitoring and logging of user activities on File Station can help detect suspicious behavior indicative of credential misuse. Additionally, organizations should conduct regular vulnerability assessments and penetration testing focused on NAS devices to identify and remediate potential weaknesses proactively. Disabling or restricting remote access to File Station where not necessary can further reduce exposure. Finally, educating users about phishing and credential security will help prevent the initial compromise required to exploit this vulnerability.