{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2025-30028/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.6,"id":"CVE-2025-30028"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Active Backup for Business"],"_cs_severities":["high"],"_cs_tags":["cve-2025-30028","sql-injection","synology"],"_cs_type":"advisory","_cs_vendors":["Synology"],"content_html":"\u003cp\u003eCVE-2025-30028 is a security vulnerability affecting Synology Active Backup for Business. This vulnerability allows unauthorized remote attackers to read arbitrary files on the system. The root cause is an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. An attacker can exploit this vulnerability without authentication, posing a significant risk to the confidentiality of data stored within Active Backup for Business. This vulnerability was disclosed on May 27, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends a crafted HTTP request to the Active Backup for Business server.\u003c/li\u003e\n\u003cli\u003eThe request exploits an SQL injection vulnerability within the application\u0026rsquo;s handling of user-supplied input.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code bypasses authentication and authorization checks.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts the SQL injection payload to read arbitrary files from the file system.\u003c/li\u003e\n\u003cli\u003eThe application executes the malicious SQL query against the database.\u003c/li\u003e\n\u003cli\u003eThe database returns the contents of the requested file to the application.\u003c/li\u003e\n\u003cli\u003eThe application sends the contents of the file back to the attacker in the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker obtains unauthorized access to sensitive data stored on the server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-30028 allows unauthorized remote attackers to read arbitrary files on a Synology Active Backup for Business server. This could lead to the exposure of sensitive data, including backup configurations, user credentials, and protected data stored within the backups. The vulnerability has a CVSS v3.1 score of 8.6, indicating a high severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Synology as detailed in their advisory: \u003ca href=\"https://www.synology.com/en-global/security/advisory/Synology_SA_25_02\"\u003ehttps://www.synology.com/en-global/security/advisory/Synology_SA_25_02\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect potential exploitation attempts against Active Backup for Business.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious SQL injection attempts targeting Active Backup for Business endpoints using the provided Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-27T09:18:13Z","date_published":"2026-05-27T09:18:13Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-30028/","summary":"CVE-2025-30028 is a vulnerability in Synology Active Backup for Business that allows unauthorized remote attackers to read arbitrary files due to improper neutralization of special elements used in an SQL Command ('SQL Injection').","title":"CVE-2025-30028: Synology Active Backup for Business Arbitrary File Read","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-30028/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2025-30028","version":"https://jsonfeed.org/version/1.1"}