CVE-2025-29889 – A NULL pointer dereference vulnerability in QNA... (How to Fix)

Q: What is the severity of CVE-2025-29889?

CVE-2025-29889 has a CVSS score of 6.5 (MEDIUM). A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to cause denial-of-service conditions. This affects users running vulnerable versions of File Station 5 on QNAP NAS devices. Attackers need valid user credentials to exploit this vulnerability.

📋 TL;DR

A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to cause denial-of-service conditions. This affects users running vulnerable versions of File Station 5 on QNAP NAS devices. Attackers need valid user credentials to exploit this vulnerability.

💻 Affected Systems

Products:

QNAP File Station 5

Versions: Versions before 5.5.6.4907

Operating Systems: QTS (QNAP Turbo NAS Operating System)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects File Station 5 on QNAP NAS devices. Requires File Station service to be enabled and accessible.

📦 What is this software?

File Station by Qnap

View all CVEs affecting File Station →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of File Station functionality, potentially affecting file access and management services on the QNAP device.

🟠

Likely Case

Temporary service interruption of File Station until system restart or service recovery.

🟢

If Mitigated

Minimal impact with proper access controls and monitoring in place.

🌐 Internet-Facing: MEDIUM - Requires authentication but internet-facing instances are accessible to attackers with credentials.

🏢 Internal Only: MEDIUM - Internal attackers with valid credentials can still cause service disruption.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires authenticated access. Exploitation likely involves sending specially crafted requests to trigger the NULL pointer dereference.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: File Station 5 version 5.5.6.4907 or later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-19

Restart Required: Yes

Instructions:

1. Log into QNAP NAS web interface. 2. Go to App Center. 3. Check for updates to File Station 5. 4. Update to version 5.5.6.4907 or later. 5. Restart the File Station service or the entire NAS if required.

🔧 Temporary Workarounds

Disable File Station Service

all

Temporarily disable File Station if not required for operations

Log into QNAP web interface > Control Panel > Applications > File Station > Disable

Restrict Network Access

all

Limit access to File Station service using firewall rules

Control Panel > Security > Firewall > Add rule to restrict File Station port access

🧯 If You Can't Patch

Implement strict access controls and limit File Station access to trusted users only
Monitor File Station service logs for unusual activity or repeated connection attempts

🔍 How to Verify

Check if Vulnerable:

Check File Station version in QNAP App Center or via SSH: cat /etc/config/uLinux.conf | grep FileStation

Check Version:

cat /etc/config/uLinux.conf | grep 'FileStation.*version'

Verify Fix Applied:

Verify File Station version is 5.5.6.4907 or higher in App Center

📡 Detection & Monitoring

Log Indicators:

File Station service crashes
Unusual authentication patterns
Multiple failed connection attempts to File Station

Network Indicators:

Unusual traffic patterns to File Station port
Repeated connection attempts from single sources

SIEM Query:

source="qnap_nas" AND (event="service_crash" AND service="FileStation") OR (event="auth_failure" AND target="FileStation")

📊 Metadata

CVE ID: CVE-2025-29889

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.15% exploit probability (35.7th percentile)

Published: August 29, 2025

Last Updated: September 19, 2025

🔗 References

https://www.qnap.com/en/security-advisory/qsa-25-19 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-29889, you might also want to check these: