CVE-2025-62855
MEDIUMQNAP File Station 5.5.6.4691-5.5.6.5190 - Authenticated Path Traversal
Title source: llmDescription
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
References (1)
Core 1
Core References
Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-26-03
Scores
CVSS v3
4.4
EPSS
0.0001
EPSS Percentile
3.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
qnap/file_station
5.5.6.4691 - 5.5.6.5190
Published
Feb 11, 2026
Tracked Since
Feb 18, 2026