{"cve":{"cve_id":"CVE-2025-29883","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00219,"epss_percentile":0.12198,"epss_as_of":"2026-06-23","description":"An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4791 and later\n  and later","published_at":"2025-06-06T15:54:29.327000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":8.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H","cvss_v4_severity":"HIGH","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-295"],"nvd_references":["https://www.qnap.com/en/security-advisory/qsa-25-09"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:26:14.740450Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"H","value_label":"High"}]},"affected":[{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"file-station-5","product_name":"File Station 5","version_start":"5.5.x","version_start_inclusive":true,"version_end":"5.5.6.4791","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:file-station-5:5.5.x:5.5.6.4791"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-25-09","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-06-06T15:54:29.327000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:44:24.004764Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:24.004764Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:24.004764Z","label":"CVSS score revised","source":"cvelistv5"}]}