Download Station_CVE-2025-58463

2.3 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U

Description

A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following versions:
Download Station 5.10.0.305 ( 2025/09/16 ) and later
Download Station 5.10.0.304 ( 2025/09/08 ) and later

Basic Information

ID CVE-2025-58463

Source qnap

Published Nov 7, 2025 at 15:10

Modified Nov 7, 2025 at 16:11

Affected Product

Vendor QNAP Systems Inc.

Product Download Station

Version 5.10.x

Affected Versions QNAP Systems Inc. Download Station 5.10.x
QNAP Systems Inc. Download Station 5.10.x

CWE Classification

CWE-23

References

www.qnap.com /en/security-advisory/qsa-25-37

{
    "lastseen": "",
    "description": "A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following versions:\nDownload Station 5.10.0.305 ( 2025/09/16 ) and later\nDownload Station 5.10.0.304 ( 2025/09/08 ) and later",
    "published": "2025-11-07T15:10:42.856Z",
    "modified": "2025-11-07T16:11:30.915Z",
    "type": "cve",
    "title": "Download Station",
    "source": "qnap",
    "references": "https://www.qnap.com/en/security-advisory/qsa-25-37",
    "id": "CVE-2025-58463",
    "bulletinFamily": "",
    "cwe": [
        "CWE-23"
    ],
    "cvelist": null,
    "sourceData": "QNAP Systems Inc. Download Station 5.10.x\nQNAP Systems Inc. Download Station 5.10.x",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Download Station",
    "version": "5.10.x",
    "vendor": "QNAP Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}