Vulnerability in Qnap Systems Inc. File Station 5

CVE-2025-57707

An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to acc…

EPSS: 0.001 (20.6th percentile) — read the EPSS interpretation.

Affected products

Qnap Systems Inc. File Station 5 — versions 5.5.x

Weakness classification (CWE)

CWE-96 — Improper Neutralization of Directives in Statically Saved Code (Static Code Injection)

References

www.qnap.com/en/security-advisory/qsa-26-03