Home

Description

A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

PUBLISHED Reserved 2025-09-03 | Published 2025-11-07 | Updated 2025-11-07 | Assigner qnap




LOW: 2.3CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U

Problem types

CWE-23

Product status

Default status
unaffected

5.10.x (custom) before 5.10.0.305 ( 2025/09/16 )
affected

5.10.x (custom) before 5.10.0.304 ( 2025/09/08 )
affected

Credits

Tim Coen finder

References

www.qnap.com/en/security-advisory/qsa-25-37

cve.org (CVE-2025-58463)

nvd.nist.gov (CVE-2025-58463)

Download JSON