Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-58463

A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

Published

2025-11-07T16:15:40.780

Last Modified

2025-11-17T15:40:14.600

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-23

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qnap	download_station	5.10.0.291	Yes
Operating System	qnap	quts_hero	h5.2.1.2929	No
Operating System	qnap	quts_hero	h5.2.1.2940	No
Application	qnap	download_station	< 5.10.0.305	Yes
Operating System	qnap	qts	5.2.1.2930	No

References

https://www.qnap.com/en/security-advisory/qsa-25-37 Vendor Advisory ([email protected])