CVE-2025-58463

A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-25-37	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:qnap:download_station:5.10.0.291:*:*:*:*:*:*:*

OR	cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105::::::

Configuration 2 (hide)

AND

cpe:2.3:a:qnap:download_station:*:*:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*

History

17 Nov 2025, 15:40

Type	Values Removed	Values Added
First Time		Qnap qts Qnap download Station Qnap quts Hero Qnap
References	~~() https://www.qnap.com/en/security-advisory/qsa-25-37 -~~	() https://www.qnap.com/en/security-advisory/qsa-25-37 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.9
CPE		cpe:2.3:a:qnap:download_station:::::::: cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:::::: cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:::::: cpe:2.3:a:qnap:download_station:5.10.0.291:::::::* cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025::::::

07 Nov 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-07 16:15

Updated : 2025-11-17 15:40

NVD link : CVE-2025-58463

Mitre link : CVE-2025-58463

CVE.ORG link : CVE-2025-58463

JSON object : View

Products Affected

qnap

qts
download_station
quts_hero

CWE

CWE-23

Relative Path Traversal

{"id": "CVE-2025-58463", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "security@qnapsecurity.com.tw", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-11-07T16:15:40.780", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-37", "tags": ["Vendor Advisory"], "source": "security@qnapsecurity.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@qnapsecurity.com.tw", "description": [{"lang": "en", "value": "CWE-23"}]}], "descriptions": [{"lang": "en", "value": "A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following versions:\nDownload Station 5.10.0.305 ( 2025/09/16 ) and later\nDownload Station 5.10.0.304 ( 2025/09/08 ) and later"}], "lastModified": "2025-11-17T15:40:14.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:download_station:5.10.0.291:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB5AA38B-9338-4627-89D3-0C6301C2A719"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB92EFD7-47DD-4AAC-97BD-A2D4918FF4ED"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78E38E23-1AD0-49E1-89FA-73DC2F496137"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:download_station:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A82E519C-6822-462D-9C68-14FE5CC90530", "versionEndExcluding": "5.10.0.305", "versionStartIncluding": "5.10.0.291"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E3FC6646-2247-4ED9-9643-CD376674E2E7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@qnapsecurity.com.tw"}