CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-58465

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.9%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.qnap.com/en/security-advisory/qsa-25-37

Products affected by CVE-2025-58465

Qnap » Download Station » Version: 5.10.0.291

cpe:2.3:a:qnap:download_station:5.10.0.291
Qnap » Download Station » Version: 5.10.0.304

cpe:2.3:a:qnap:download_station:5.10.0.304
Qnap » Qts » Version: 5.2.1.2930

cpe:2.3:o:qnap:qts:5.2.1.2930
Qnap » Quts Hero » Version: h5.2.1.2929

cpe:2.3:o:qnap:quts_hero:h5.2.1.2929
Qnap » Quts Hero » Version: h5.2.1.2940

cpe:2.3:o:qnap:quts_hero:h5.2.1.2940

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-58465

Products

Pricing

Contact Us