CVE-2025-57713
Published: 11 February 2026
Summary
CVE-2025-57713 is a high-severity Weak Authentication (CWE-1390) vulnerability in Qnap File Station. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Helps detect exploitation of weak authentication mechanisms by notifying of previous unauthorized logons.
The IA policy requires strong authentication methods, reducing use of weak authentication.
Enforces dynamic, context-aware authentication that mitigates weak static authentication by increasing requirements based on risk or conditions.
Enforces authentication for users, reducing the viability of weak authentication mechanisms.
Requires authentication mechanisms to meet applicable standards and guidelines, preventing weak authentication.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Weak auth bypass in public-facing File Station directly enables T1190 exploitation for unauth remote access; resulting sensitive data exposure maps to T1005.
NVD Description
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later
Deeper analysisAI
CVE-2025-57713 is a weak authentication vulnerability affecting File Station 5, a file management component in QNAP NAS devices. Rated at a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and mapped to CWE-1390, the flaw enables remote attackers to bypass authentication mechanisms and access sensitive information. The vulnerability was publicly disclosed on February 11, 2026.
Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants access to sensitive data hosted by File Station 5, resulting in high confidentiality impact but no disruption to integrity or availability.
QNAP's security advisory (QSA-26-03) confirms the issue has been addressed in File Station 5 version 5.5.6.5166 and later. Security practitioners should update affected systems immediately to mitigate the risk, as detailed in the advisory at https://www.qnap.com/en/security-advisory/qsa-26-03.
Details
- CWE(s)