CVE-2025-29900
📋 TL;DR
This vulnerability in QNAP File Station 5 allows authenticated attackers to exhaust system resources through uncontrolled allocation, potentially causing denial of service. It affects users running vulnerable versions of File Station 5 on QNAP NAS devices. Attackers need valid user credentials to exploit this issue.
💻 Affected Systems
- QNAP File Station 5
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service for File Station and potentially other services sharing the same resource pool, disrupting file access and management capabilities.
Likely Case
Degraded performance or temporary unavailability of File Station functionality for legitimate users.
If Mitigated
Minimal impact with proper access controls and monitoring in place to detect resource exhaustion attempts.
🎯 Exploit Status
Exploitation requires authenticated access. The vulnerability is in resource allocation logic, making exploitation straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: File Station 5 5.5.6.4907 and later
Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-19
Restart Required: Yes
Instructions:
1. Log into the QNAP QTS web interface.
2. Go to App Center.
3. Check for updates.
4. Update File Station to version 5.5.6.4907 or later.
5. Restart the NAS if prompted.
🔧 Temporary Workarounds
Disable File Station
Temporarily disable File Station if it is not required, eliminating the attack surface.
Go to QTS Control Panel > Applications > App Center > Installed Apps > File Station > Disable
Restrict Access
Limit File Station access to trusted IP addresses only, using firewall rules.
Go to QTS Control Panel > System > Security > Firewall > Create rules to restrict File Station port access
🧯 If You Can't Patch
- Implement strict access controls and monitor for unusual resource consumption patterns
- Isolate affected systems from critical network segments and implement rate limiting
🔍 How to Verify
Check if Vulnerable:
Check the File Station version in QTS App Center. If the version is below 5.5.6.4907, the system is vulnerable.
Check Version:
Check via QTS web interface: App Center > Installed Apps > File Station
Verify Fix Applied:
Confirm File Station version is 5.5.6.4907 or higher in App Center after update.
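As an added example (not part of the advisory or QNAP's own tooling), the following Python check turns the "below 5.5.6.4907" rule into a numeric version comparison; a plain string compare gets releases such as 5.5.10.x wrong. It assumes the input is a File Station 5 version string as shown in App Center.

```python
import re
from typing import Tuple

# Fixed release named in the advisory: File Station 5 5.5.6.4907 and later.
FIXED_VERSION = "5.5.6.4907"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted QNAP version string such as '5.5.6.4907' into a tuple of ints.

    Numeric comparison is essential: as strings, '5.5.10.1' sorts *before*
    '5.5.6.4907' even though it is the newer build. A trailing non-numeric
    suffix (e.g. a build tag) is ignored; missing components count as 0.
    """
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to four components so '5.5.6' compares as '5.5.6.0'.
    return parts + (0,) * (4 - len(parts))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed File Station 5 build predates the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def assess(installed: str) -> str:
    """Human-readable verdict for a version string copied from App Center."""
    if is_vulnerable(installed):
        return f"File Station {installed} is below {FIXED_VERSION}: update required (CVE-2025-29900)"
    return f"File Station {installed} is at or above {FIXED_VERSION}: fix applied"


if __name__ == "__main__":
    # Constructed sample versions, not real inventory data.
    for v in ("5.5.5.4900", "5.5.6.4907", "5.5.10.1", "5.5.6"):
        print(assess(v))
```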
📡 Detection & Monitoring
Log Indicators:
- Unusual resource consumption patterns in system logs
- Multiple failed or successful authentication attempts followed by resource spikes
Network Indicators:
- Abnormal traffic patterns to File Station service
- Sustained high resource usage from single IP addresses
SIEM Query:
source="qnap_nas" AND (event_type="resource_exhaustion" OR process="file_station") AND resource_usage>threshold