File Station
by Synology
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22484 | Hig | 0.46 | — | 0.00 | Jun 6, 2025 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type… | ||
| CVE-2018-8923 | Med | 0.42 | 6.5 | 0.01 | Jun 5, 2018 | Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | ||
| CVE-2017-15893 | Med | 0.42 | 6.5 | 0.02 | Dec 8, 2017 | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | ||
| CVE-2025-62854 | 0.00 | — | 0.01 | Feb 11, 2026 | An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following… | |||
| CVE-2025-62856 | 0.00 | — | 0.00 | Feb 11, 2026 | A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the… | |||
| CVE-2025-53408 | 0.00 | — | 0.00 | Nov 7, 2025 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:… | |||
| CVE-2025-53413 | 0.00 | — | 0.00 | Nov 7, 2025 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type… | |||
| CVE-2025-57706 | 0.00 | — | 0.00 | Nov 7, 2025 | A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the… | |||
| CVE-2025-29899 | 0.00 | — | 0.00 | Aug 29, 2025 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type… | |||
| CVE-2025-29890 | 0.00 | — | 0.00 | Aug 29, 2025 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type… | |||
| CVE-2025-29901 | 0.00 | — | 0.00 | Aug 26, 2025 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:… | |||
| CVE-2025-29885 | 0.00 | — | 0.00 | Jun 6, 2025 | An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the… | |||
| CVE-2025-29883 | 0.00 | — | 0.00 | Jun 6, 2025 | An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the… | |||
| CVE-2025-22486 | 0.00 | — | 0.00 | Jun 6, 2025 | An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the… | |||
| CVE-2025-22490 | 0.00 | — | 0.00 | Jun 6, 2025 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:… | |||
| CVE-2020-2503 | 0.00 | — | 0.01 | Dec 24, 2020 | If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | |||
| CVE-2020-2496 | 0.00 | — | 0.01 | Dec 10, 2020 | If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS… | |||
| CVE-2020-2495 | 0.00 | — | 0.01 | Dec 10, 2020 | If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS… | |||
| CVE-2018-13288 | 0.00 | — | 0.01 | Apr 1, 2019 | Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. |
- risk 0.46cvss —epss 0.00
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…
- risk 0.42cvss 6.5epss 0.01
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
- risk 0.42cvss 6.5epss 0.02
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
- CVE-2025-62854Feb 11, 2026risk 0.00cvss —epss 0.01
An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following…
- CVE-2025-62856Feb 11, 2026risk 0.00cvss —epss 0.00
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the…
- CVE-2025-53408Nov 7, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…
- CVE-2025-53413Nov 7, 2025risk 0.00cvss —epss 0.00
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…
- CVE-2025-57706Nov 7, 2025risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the…
- CVE-2025-29899Aug 29, 2025risk 0.00cvss —epss 0.00
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…
- CVE-2025-29890Aug 29, 2025risk 0.00cvss —epss 0.00
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…
- CVE-2025-29901Aug 26, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…
- CVE-2025-29885Jun 6, 2025risk 0.00cvss —epss 0.00
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the…
- CVE-2025-29883Jun 6, 2025risk 0.00cvss —epss 0.00
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the…
- CVE-2025-22486Jun 6, 2025risk 0.00cvss —epss 0.00
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the…
- CVE-2025-22490Jun 6, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…
- CVE-2020-2503Dec 24, 2020risk 0.00cvss —epss 0.01
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
- CVE-2020-2496Dec 10, 2020risk 0.00cvss —epss 0.01
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS…
- CVE-2020-2495Dec 10, 2020risk 0.00cvss —epss 0.01
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS…
- CVE-2018-13288Apr 1, 2019risk 0.00cvss —epss 0.01
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.