Security ID: QSA-26-03
Multiple Vulnerabilities in File Station 5
Release date: February 12, 2026
CVE identifier: CVE-2025-54155 | CVE-2025-54161 | CVE-2025-54162 | CVE-2025-54163 | CVE-2025-54169 | CVE-2025-57707 | CVE-2025-57713 | CVE-2025-62853 | CVE-2025-62854 | CVE-2025-62855 | CVE-2025-62856 | CVE-2025-66278 | CVE-2026-22894
Affected products: File Station 5 version 5.5.x
Severity: Important
Status: Resolved
Summary
Multiple vulnerabilities have been reported to affect File Station 5:
- CVE-2025-54155, CVE-2025-54161: Allocation of resources without limits or throttling vulnerability
  If a remote attacker gains access to an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
- CVE-2025-54162: Path traversal vulnerability
  If a remote attacker gains access to an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
- CVE-2025-62853, CVE-2025-66278, CVE-2026-22894: Path traversal vulnerability
  If a remote attacker gains access to a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
- CVE-2025-62855, CVE-2025-62856: Path traversal vulnerability
  If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
- CVE-2025-54163: NULL pointer dereference vulnerability
  If a remote attacker gains access to an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
- CVE-2025-54169: Out-of-bounds read vulnerability
  If a remote attacker gains access to a user account, they can then exploit the vulnerability to obtain secret data.
- CVE-2025-57707: Improper neutralization of directives in statically saved code (static code injection) vulnerability
  If a remote attacker gains access to a user account, they can then exploit the vulnerability to access restricted data or files.
- CVE-2025-57713: Weak authentication vulnerability
  If exploited, remote attackers can gain sensitive information.
- CVE-2025-62854: Uncontrolled resource consumption vulnerability
  If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| --- | --- |
| File Station 5 version 5.5.x | File Station 5 version 5.5.6.5190 and later |
Recommendation
To fix the vulnerabilities, we recommend updating File Station 5 to the latest version.
Updating File Station 5
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click the search icon.
  A search box appears.
- Type "File Station 5" and then press ENTER.
  File Station 5 appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your File Station 5 is already up to date.
- Click OK.
  The system updates the application.
Attachment
- CVE-2025-54161.json
- CVE-2025-54162.json
- CVE-2025-54163.json
- CVE-2025-54169.json
- CVE-2025-57707.json
- CVE-2025-57713.json
- CVE-2025-62853.json
- CVE-2025-62854.json
- CVE-2025-62855.json
- CVE-2025-62856.json
- CVE-2025-66278.json
- CVE-2025-54155.json
- CVE-2026-22894.json
Acknowledgements:
coral
Kutay Ergen
Mohammad Abdullah - Infosec Researcher & Bugbounty hunter
Revision history:
V1.0 (February 12, 2026) - Published