{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/c2-identity-edge-server/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2025-14713"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["C2 Identity Edge Server","DSM"],"_cs_severities":["high"],"_cs_tags":["cve-2025-14713","synology","credential exposure","cwe-749"],"_cs_type":"advisory","_cs_vendors":["Synology Inc."],"content_html":"\u003cp\u003eSynology C2 Identity Edge Server is vulnerable to an Exposed Dangerous Method or Function vulnerability (CVE-2025-14713). This flaw exists in versions of the Synology C2 Identity Edge Server package running on DSM before 1.76.0-0307. Remote attackers can exploit this vulnerability to obtain user credentials directly from the edge server. The vulnerability poses a significant risk to organizations using affected versions of Synology\u0026rsquo;s C2 Identity Edge Server, potentially leading to unauthorized access and data breaches. 
Defenders need to upgrade to version 1.76.0-0307 or later to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Synology C2 Identity Edge Server on DSM running a package version prior to 1.76.0-0307.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted request to the edge server, targeting the exposed dangerous method or function.\u003c/li\u003e\n\u003cli\u003eThe vulnerable function processes the request without proper authorization or input validation.\u003c/li\u003e\n\u003cli\u003eThe server exposes sensitive user credentials in its response.\u003c/li\u003e\n\u003cli\u003eThe attacker captures the exposed user credentials from the server\u0026rsquo;s response.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the obtained credentials to authenticate to other services or systems that accept them.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-14713 allows remote attackers to obtain user credentials from the Synology C2 Identity Edge Server. This could lead to unauthorized access to sensitive data, lateral movement within the network, and potential compromise of the entire system. 
The impact is significant as it directly leads to credential exposure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Synology C2 Identity Edge Server package to version 1.76.0-0307 or later to patch CVE-2025-14713.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious requests targeting the Synology C2 Identity Edge Server using the Sigma rule provided to detect potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-27T09:18:00Z","date_published":"2026-05-27T09:18:00Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-14713-synology/","summary":"Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 is vulnerable to an Exposed Dangerous Method or Function (CWE-749), allowing remote attackers to obtain user credentials from the edge server.","title":"CVE-2025-14713: Synology C2 Identity Edge Server Credentials Exposure","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-14713-synology/"}],"language":"en","title":"CraftedSignal Threat Feed — C2 Identity Edge Server","version":"https://jsonfeed.org/version/1.1"}