CVE-2025-58463

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-58463

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58463.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-58463

Published

2025-11-07T16:15:40.780Z

Modified

2026-03-13T03:37:21.202135Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

References

https://www.qnap.com/en/security-advisory/qsa-25-37

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58463.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.10.0.291"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.10.0.291"
            },
            {
                "fixed": "5.10.0.305"
            }
        ]
    }
]