CVE-2025-29874 – A NULL pointer dereference vulnerability in QNA... (How to Fix)

Q: What is the severity of CVE-2025-29874?

CVE-2025-29874 has a CVSS score of 6.5 (MEDIUM). A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to cause denial-of-service conditions. This affects users running vulnerable versions of File Station 5 on QNAP NAS devices. Attackers need valid user credentials to exploit this vulnerability.

📋 TL;DR

A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to cause denial-of-service conditions. This affects users running vulnerable versions of File Station 5 on QNAP NAS devices. Attackers need valid user credentials to exploit this vulnerability.

💻 Affected Systems

Products:

QNAP File Station 5

Versions: All versions before 5.5.6.4907

Operating Systems: QTS (QNAP Turbo NAS Operating System)

Default Config Vulnerable: ⚠️ Yes

Notes: File Station is typically enabled by default on QNAP NAS devices. Requires attacker to have valid user account credentials.

📦 What is this software?

File Station by Qnap

View all CVEs affecting File Station →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of File Station functionality, potentially affecting file access and management services on the NAS device.

🟠

Likely Case

Temporary unavailability of File Station web interface and file management features until service restart.

🟢

If Mitigated

Minimal impact with proper access controls limiting attacker access to low-privilege accounts only.

🌐 Internet-Facing: MEDIUM - Requires authentication but internet-facing File Station instances are accessible to attackers with credentials.

🏢 Internal Only: MEDIUM - Internal attackers with valid credentials can still cause service disruption.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires authenticated access but the vulnerability type suggests straightforward exploitation once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: File Station 5 version 5.5.6.4907 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-19

Restart Required: Yes

Instructions:

1. Log into QNAP NAS web interface. 2. Go to App Center. 3. Check for updates. 4. Update File Station to version 5.5.6.4907 or later. 5. Restart File Station service or reboot NAS if required.

🔧 Temporary Workarounds

Disable File Station

all

Temporarily disable File Station service if not required

Log into QNAP web interface > Control Panel > Applications > File Station > Disable

Restrict Network Access

all

Limit File Station access to trusted networks only

Control Panel > Network & File Services > Win/Mac/NFS > Configure access restrictions

🧯 If You Can't Patch

Implement strict access controls and limit user accounts with File Station access
Monitor File Station service logs for abnormal termination or restart patterns

🔍 How to Verify

Check if Vulnerable:

Check File Station version in QNAP App Center or via SSH: cat /etc/config/uLinux.conf | grep -i filestation

Check Version:

cat /etc/config/uLinux.conf | grep -i 'filestation.*version'

Verify Fix Applied:

Verify File Station version is 5.5.6.4907 or higher in App Center

📡 Detection & Monitoring

Log Indicators:

File Station service crashes or unexpected restarts
Authentication logs showing repeated access attempts

Network Indicators:

Unusual patterns of authenticated requests to File Station endpoints

SIEM Query:

source="qnap_nas" AND (process="filestation" AND event="crash") OR (service="File Station" AND status="stopped")

📊 Metadata

CVE ID: CVE-2025-29874

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.15% exploit probability (35.7th percentile)

Published: August 29, 2025

Last Updated: September 18, 2025

🔗 References

https://www.qnap.com/en/security-advisory/qsa-25-19 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-29874, you might also want to check these: