Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-58463

Опубликовано: 07 нояб. 2025
Источник: nvd
CVSS3: 4.9
EPSS Низкий

Описание

A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:qnap:download_station:5.10.0.291:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:a:qnap:download_station:*:*:*:*:*:*:*:*
Версия от 5.10.0.291 (включая) до 5.10.0.305 (исключая)
cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*

EPSS

Процентиль: 22%
0.00072
Низкий

4.9 Medium

CVSS3

Дефекты

CWE-23

Связанные уязвимости

github логотип

GHSA-cc6p-pmxf-h4wh

CVSS3: 4.9
github
3 месяца назад

A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

EPSS

Процентиль: 22%
0.00072
Низкий

4.9 Medium

CVSS3

Дефекты

CWE-23