CVE-2025-33035 – A path traversal vulnerability in QNAP File Sta... (How to Fix)

📋 TL;DR

A path traversal vulnerability in QNAP File Station 5 allows authenticated attackers to read arbitrary files on the system. This affects all QNAP NAS devices running vulnerable versions of File Station 5. Attackers need valid user credentials to exploit this vulnerability.

💻 Affected Systems

Products:

QNAP File Station 5

Versions: All versions before 5.5.6.4847

Operating Systems: QTS, QuTS hero

Default Config Vulnerable: ⚠️ Yes

Notes: Affects QNAP NAS devices with File Station 5 enabled. Requires attacker to have a valid user account.

📦 What is this software?

File Station by Qnap

View all CVEs affecting File Station →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive system files, configuration files, or user data, potentially leading to credential theft, privilege escalation, or data exfiltration.

🟠

Likely Case

Attackers with standard user accounts can access files outside their authorized directories, potentially exposing sensitive organizational data.

🟢

If Mitigated

With proper access controls and network segmentation, impact is limited to the specific user's access level and isolated network segments.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access. Path traversal vulnerabilities are typically straightforward to exploit once authentication is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: File Station 5 5.5.6.4847 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-16

Restart Required: Yes

Instructions:

1. Log into QNAP NAS web interface
2. Go to App Center
3. Check for updates
4. Update File Station 5 to version 5.5.6.4847 or later
5. Restart the NAS if prompted

🔧 Temporary Workarounds

Disable File Station

all

Temporarily disable File Station 5 if immediate patching is not possible

Restrict Network Access

all

Block external access to File Station web interface

🧯 If You Can't Patch

Implement strict access controls and limit user permissions
Enable logging and monitor for unusual file access patterns

🔍 How to Verify

Check if Vulnerable:

Check File Station version in QNAP App Center. If version is below 5.5.6.4847, system is vulnerable.

Check Version:

Check via QNAP web interface: App Center → Installed Apps → File Station

Verify Fix Applied:

Verify File Station version shows 5.5.6.4847 or higher in App Center after update.

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns
Multiple failed path traversal attempts
Access to system directories from File Station

Network Indicators:

Unusual HTTP requests with directory traversal patterns (../ sequences)

SIEM Query:

source="qnap_logs" AND ("../" OR "..\" OR "%2e%2e%2f") AND process="File Station"

📊 Metadata

CVE ID: CVE-2025-33035

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

EPSS Score: 0.07% exploit probability (21.4th percentile)

Published: June 6, 2025

Last Updated: September 17, 2025

🔗 References

https://www.qnap.com/en/security-advisory/qsa-25-16 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-33035, you might also want to check these: