CVE-2025-62856

4.4 MEDIUM

📋 TL;DR

A path traversal vulnerability in QNAP File Station 5 allows local attackers with administrator privileges to read arbitrary files and system data. This affects QNAP NAS devices running vulnerable versions of File Station 5. The vulnerability enables unauthorized access to sensitive information.

💻 Affected Systems

Products:
  • QNAP File Station 5
Versions: prior to 5.5.6.5190
Operating Systems: QTS, QuTS hero
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires a local attacker with access to an administrator account

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator credentials could be stolen, configuration files containing secrets could be read, and sensitive user data could be exfiltrated, potentially leading to complete system compromise.

🟠

Likely Case

Local attackers with admin access can read sensitive system files, configuration data, and user files stored on the NAS device.

🟢

If Mitigated

With proper access controls and network segmentation, the impact is limited to the local NAS environment, preventing lateral movement to other systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials and local access to the system

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: File Station 5 5.5.6.5190 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-26-03

Restart Required: Yes

Instructions:

1. Log into the QNAP NAS admin interface.
2. Go to App Center.
3. Check for updates for File Station 5.
4. Install version 5.5.6.5190 or later.
5. Restart the NAS device.

🔧 Temporary Workarounds

Disable File Station

Platform: Linux

Temporarily disable the File Station service until patching is possible:

ssh admin@nas-ip
sudo /etc/init.d/file_station.sh stop

Restrict Admin Access

Platform: All

Implement strict access controls for administrator accounts and monitor admin activity.

🧯 If You Can't Patch

  • Implement network segmentation to isolate QNAP NAS from critical systems
  • Enable detailed logging and monitoring of File Station access and file operations

🔍 How to Verify

Check if Vulnerable:

Check the File Station version in the QNAP App Center, or via SSH using the command below.

Check Version:

ssh admin@nas-ip 'grep file_station_version /etc/config/uLinux.conf'

Verify Fix Applied:

Confirm that the File Station version shown in App Center, or returned by the SSH command above, is 5.5.6.5190 or higher.
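The version check above is easy to get wrong when done by eye or with string comparison (the last component has four digits, so "5.5.6.999" sorts above "5.5.6.5190" as text). The following is an added example, not QNAP's code or part of the original page; it compares numerically against the fixed version and parses a constructed grep-output line whose `key = value` format is an assumption.

```python
import re
from typing import Optional, Tuple

# Fixed version from the advisory; anything earlier is affected.
FIXED_VERSION = "5.5.6.5190"


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted QNAP-style version ('5.5.6.5190') into an integer
    tuple so the comparison is numeric rather than lexicographic."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"no numeric components in {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed File Station 5 version is older than the fix.
    Missing trailing components are treated as 0, so '5.5.6' < '5.5.6.5190'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def version_from_conf(text: str) -> Optional[str]:
    """Extract the version from output such as 'file_station_version = 5.5.6.5190'.
    The line format is an assumption; adjust the pattern if the real file differs."""
    m = re.search(r"file_station_version\s*=\s*(\S+)", text)
    return m.group(1) if m else None


# Constructed sample line, not real device output.
SAMPLE_OUTPUT = "file_station_version = 5.5.6.4950\n"

if __name__ == "__main__":
    found = version_from_conf(SAMPLE_OUTPUT)
    print(f"installed {found}: {'VULNERABLE' if is_vulnerable(found) else 'patched'}")
```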

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in File Station logs
  • Multiple failed path traversal attempts in web server logs
  • Admin account accessing unusual file paths

Network Indicators:

  • Unusual outbound traffic from NAS device following admin login
  • File download patterns inconsistent with normal user behavior

SIEM Query:

source="qnap_nas" AND ((event="file_access" AND path="../") OR (event="admin_login" AND subsequent_event="file_download"))
