Cyber Posture

CVE-2025-47206

High

Published: 18 August 2025

Published
18 August 2025
Modified
12 September 2025
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0021 42.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-47206 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Qnap File Station. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the out-of-bounds write vulnerability by requiring timely application of vendor patches such as File Station 5.5.6.4933.

SI-16 Memory Protection good match
prevent

Implements memory protections like ASLR and DEP to minimize successful exploitation of memory corruption from out-of-bounds writes.

SI-10 Information Input Validation partial match
prevent

Validates information inputs to File Station to block malformed data that could trigger the out-of-bounds write.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

OOB write in network-exposed File Station service directly enables remote exploitation of a public-facing application by an authenticated user, leading to RCE/memory corruption.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following…

more

version: File Station 5 5.5.6.4933 and later

Deeper analysisAI

CVE-2025-47206 is an out-of-bounds write vulnerability (CWE-787) affecting File Station 5 on QNAP devices. Published on 2025-08-18, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to its potential for significant integrity and availability impacts without confidentiality loss.

A remote attacker who has obtained a user account on the affected system (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity and no user interaction required. Successful exploitation allows the attacker to modify or corrupt memory, potentially leading to arbitrary code execution, data tampering, or denial-of-service conditions as reflected in the high integrity (I:H) and availability (A:H) metrics.

QNAP has addressed the issue in File Station 5 version 5.5.6.4933 and later. Security practitioners should update to a patched version immediately and refer to the official advisory at https://www.qnap.com/en/security-advisory/qsa-25-31 for full details on mitigation and verification steps.

Details

CWE(s)
CWE-787

Affected Products

qnap
file station
5.5.6.4691 — 5.5.6.4933

CVEs Like This One

CVE-2025-57713Same product: Qnap File Station
CVE-2025-57707Same product: Qnap File Station
CVE-2024-48864Same product: Qnap File Station
CVE-2025-30276Same product class: NAS / storage appliance
CVE-2025-59384Same product class: NAS / storage appliance
CVE-2025-44014Same product class: NAS / storage appliance
CVE-2024-53699Same product class: NAS / storage appliance
CVE-2024-13086Same product class: NAS / storage appliance
CVE-2025-29894Same product class: NAS / storage appliance
CVE-2025-59385Same product class: NAS / storage appliance

References