{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/diskstation-manager-dsm--7.3.1-86003-1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2025-13392"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DiskStation Manager (DSM) \u003c 7.2.2-72806-5","DiskStation Manager (DSM) \u003c 7.3.1-86003-1"],"_cs_severities":["high"],"_cs_tags":["authentication-bypass","cve-2025-13392","synology"],"_cs_type":"advisory","_cs_vendors":["Synology"],"content_html":"\u003cp\u003eCVE-2025-13392 describes an authentication bypass vulnerability affecting the SSO component of Synology DiskStation Manager (DSM). The vulnerability exists in versions prior to 7.2.2-72806-5 and 7.3.1-86003-1, while version 7.2.1-69057 is not affected. A remote attacker with prior knowledge of the distinguished name (DN) can exploit this flaw to bypass authentication. This vulnerability enables unauthorized access to Synology DiskStation Manager devices. Successful exploitation allows attackers to gain administrative access to the device and the data it stores. Given the widespread use of Synology NAS devices for both personal and business data storage, this vulnerability poses a significant risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Synology DSM instance running a version prior to 7.2.2-72806-5 or 7.3.1-86003-1.\u003c/li\u003e\n\u003cli\u003eAttacker obtains the distinguished name (DN) of a valid user account. This could be achieved through reconnaissance or data breaches.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious authentication request to the SSO service, leveraging the improper checks for unusual or exceptional conditions.\u003c/li\u003e\n\u003cli\u003eThe crafted request utilizes the known DN to bypass the authentication process.\u003c/li\u003e\n\u003cli\u003eThe SSO service incorrectly validates the malicious authentication request.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the DSM instance with the privileges associated with the user whose DN was used.\u003c/li\u003e\n\u003cli\u003eThe attacker can now access and modify files, settings, and configurations within the DSM.\u003c/li\u003e\n\u003cli\u003eThe attacker can install malware, exfiltrate sensitive data, or disrupt services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-13392 allows remote attackers to bypass authentication on Synology DiskStation Manager (DSM) devices. This can lead to complete compromise of the device and the data stored on it, including sensitive personal and business information. The impact can range from data theft and ransomware attacks to disruption of critical services provided by the NAS. Given the high CVSS score of 8.1, this vulnerability is considered a critical threat.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Synology DiskStation Manager (DSM) to version 7.2.2-72806-5 or 7.3.1-86003-1 or later to patch CVE-2025-13392.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious authentication attempts to the Synology DSM SSO service. Deploy the Sigma rules provided to detect anomalous SSO authentication patterns.\u003c/li\u003e\n\u003cli\u003eImplement strong password policies and multi-factor authentication to mitigate the impact of potential credential compromise, although this vulnerability bypasses authentication entirely with a known DN.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-27T09:17:49Z","date_published":"2026-05-27T09:17:49Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-13392-dsm-auth-bypass/","summary":"Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 is vulnerable to improper checks for unusual or exceptional conditions in SSO, allowing remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).","title":"CVE-2025-13392 - Synology DiskStation Manager (DSM) Authentication Bypass","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-13392-dsm-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — DiskStation Manager (DSM) \u003c 7.3.1-86003-1","version":"https://jsonfeed.org/version/1.1"}