CVE-2025-29901 – A NULL pointer dereference vulnerability in QNA... (How to Fix)

📋 TL;DR

A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated remote attackers to cause denial-of-service by crashing the service. This affects all QNAP NAS devices running vulnerable versions of File Station 5. Attackers need valid user credentials to exploit this vulnerability.

💻 Affected Systems

Products:

QNAP File Station 5

Versions: All versions before 5.5.6.4933

Operating Systems: QTS, QuTS hero

Default Config Vulnerable: ⚠️ Yes

Notes: Affects QNAP NAS devices with File Station 5 enabled

📦 What is this software?

File Station by Qnap

View all CVEs affecting File Station →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete File Station service crash, disrupting file sharing and management capabilities until service restart

🟠

Likely Case

Temporary File Station service disruption affecting file access for authenticated users

🟢

If Mitigated

Minimal impact with proper access controls limiting authenticated users

🌐 Internet-Facing: MEDIUM - Requires authentication but internet-facing instances are accessible to attackers

🏢 Internal Only: LOW - Requires internal network access and valid credentials

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access; specific exploitation method not publicly documented

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: File Station 5 5.5.6.4933 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-31

Restart Required: No

Instructions:

1. Log into QNAP NAS admin interface
2. Go to App Center
3. Check for updates to File Station 5
4. Update to version 5.5.6.4933 or later
5. Verify update completed successfully

🔧 Temporary Workarounds

Disable File Station 5

all

Temporarily disable File Station 5 service if patching is not immediately possible

Go to Control Panel > Applications > File Station 5 > Disable

Restrict user access

all

Limit File Station access to essential users only

Go to Control Panel > Privilege > Applications > File Station 5 > Configure user permissions

🧯 If You Can't Patch

Implement strict access controls to limit authenticated users
Monitor File Station service for unexpected crashes or restarts

🔍 How to Verify

Check if Vulnerable:

Check File Station version in App Center > Installed Apps

Check Version:

ssh admin@qnap-nas 'cat /etc/config/uLinux.conf | grep FileStation'

Verify Fix Applied:

Confirm File Station version is 5.5.6.4933 or higher in App Center

📡 Detection & Monitoring

Log Indicators:

File Station service crash logs
Unexpected service restarts in system logs

Network Indicators:

Unusual authentication attempts to File Station
HTTP requests causing service termination

SIEM Query:

source="qnap-logs" AND ("File Station" AND ("crash" OR "restart" OR "terminated"))

📊 Metadata

CVE ID: CVE-2025-29901

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.15% exploit probability (35.7th percentile)

Published: August 26, 2025

Last Updated: September 15, 2025

🔗 References

https://www.qnap.com/en/security-advisory/qsa-25-31 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-29901, you might also want to check these: