Vulnerability Database

318,275

Total vulnerabilities in the database

CVE-2025-58463

A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

Published: Nov 7, 2025
Updated: Nov 18, 2025
CVE: CVE-2025-58463
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-23

Affected Software
References

Software	From	Fixed in
qnap / download_station	5.10.0.291	5.10.0.291.x
qnap / download_station	5.10.0.291	5.10.0.305

https://www.qnap.com/en/security-advisory/qsa-25-37

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo