CVE-2025-47206 – An out-of-bounds write vulnerability in QNAP Fi... (How to Fix)

Q: What is the severity of CVE-2025-47206?

CVE-2025-47206 has a CVSS score of 8.1 (HIGH). An out-of-bounds write vulnerability in QNAP File Station 5 allows authenticated attackers to modify or corrupt memory. This could lead to arbitrary code execution or system compromise. Only users with valid accounts on affected QNAP NAS devices are at risk.

📋 TL;DR

An out-of-bounds write vulnerability in QNAP File Station 5 allows authenticated attackers to modify or corrupt memory. This could lead to arbitrary code execution or system compromise. Only users with valid accounts on affected QNAP NAS devices are at risk.

💻 Affected Systems

Products:

QNAP File Station 5

Versions: Versions prior to 5.5.6.4933

Operating Systems: QTS (QNAP Turbo NAS Operating System)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires attacker to have a valid user account on the QNAP device. File Station is typically enabled by default on QNAP NAS devices.

📦 What is this software?

File Station by Qnap

View all CVEs affecting File Station →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Service disruption, data corruption, or limited privilege escalation within the File Station application context.

🟢

If Mitigated

Limited impact if proper network segmentation and least privilege access controls are implemented, though memory corruption could still cause instability.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires authentication but the vulnerability is in a core file management component that's frequently accessed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: File Station 5 version 5.5.6.4933 or later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-31

Restart Required: Yes

Instructions:

1. Log into QNAP NAS web interface. 2. Go to App Center. 3. Check for updates. 4. Update File Station to version 5.5.6.4933 or later. 5. Restart the NAS if required.

🔧 Temporary Workarounds

Disable File Station

all

Temporarily disable File Station service if patching is not immediately possible

Log into QTS > Control Panel > Applications > File Station > Disable

Restrict Network Access

all

Block external access to File Station web interface

Configure firewall rules to block ports used by File Station (typically 80/443)

🧯 If You Can't Patch

Implement strict access controls and limit File Station access to trusted users only
Enable logging and monitoring for suspicious File Station activity

🔍 How to Verify

Check if Vulnerable:

Check File Station version in QTS App Center or via SSH: cat /etc/config/uLinux.conf | grep file_station_version

Check Version:

cat /etc/config/uLinux.conf | grep file_station_version

Verify Fix Applied:

Verify File Station version is 5.5.6.4933 or higher in App Center

📡 Detection & Monitoring

Log Indicators:

Unusual file operations in File Station logs
Multiple failed authentication attempts followed by successful login
Memory access violations in system logs

Network Indicators:

Unusual traffic patterns to File Station web interface
Unexpected outbound connections from NAS after File Station access

SIEM Query:

source="qnap_nas" AND (event="file_station_access" AND user!="admin" AND action="write")

📊 Metadata

CVE ID: CVE-2025-47206

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-787

EPSS Score: 0.15% exploit probability (35.6th percentile)

Published: August 18, 2025

Last Updated: September 12, 2025

🔗 References

https://www.qnap.com/en/security-advisory/qsa-25-31 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-47206, you might also want to check these: