Synology File Station 5 Multiple Vulnerabilities Advisory (CVE-2025-29874, CVE-2025-29875, etc.)

Key Information Vulnerability ID QSA-25-19 Release Date August 29, 2025 CVE Identifiers CVE-2025-29874, CVE-2025-29875, CVE-2025-29878, CVE-2025-29879, CVE-2025-29886, CVE-2025-29888, CVE-2025-29889, CVE-2025-29890, CVE-2025-29899, CVE-2025-29900 Affected Product File Station 5 version 5.5.x Severity Medium Status Resolved Summary Multiple vulnerabilities affect File Station 5: - CVE-2025-29874, CVE-2025-29875, CVE-2025-29878, CVE-2025-29879, CVE-2025-29886, CVE-2025-29888, CVE-2025-29889: If a remote attacker gains access to a user account, they can exploit a NULL pointer dereference vulnerability to launch a Denial of Service (DoS) attack. - CVE-2025-29890, CVE-2025-29899, CVE-2025-29900: If a remote attacker gains access to a user account, they can exploit resource allocation without limits or throttling vulnerabilities to prevent other systems, applications, or processes from accessing the same type of resources. Fixed Versions File Station 5 version 5.5.6.4907 and later Recommendation Update File Station 5 to the latest version to fix the vulnerabilities. Update Steps 1. Log in to QTS or QTS hero as an administrator. 2. Open App Center and click on the search box. 3. Type "File Station 5" and press ENTER. 4. Click Update. 5. Click OK to complete the update. Attachments JSON files corresponding to each CVE identifier Acknowledgments coral

Goal Reached Thanks to every supporter — we hit 100%!

Synology File Station 5 Multiple Vulnerabilities Advisory (CVE-2025-29874, CVE-2025-29875, etc.)