Tag
CVE-2025-30028: Synology Active Backup for Business Arbitrary File Read
2 rules, 1 TTP, 1 CVE
CVE-2025-30028 is a vulnerability in Synology Active Backup for Business that allows unauthorized remote attackers to read arbitrary files due to improper neutralization of special elements used in an SQL Command ('SQL Injection').
CVE-2025-14713: Synology C2 Identity Edge Server Credentials Exposure
1 rule, 1 TTP, 1 CVE
Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 is vulnerable to an Exposed Dangerous Method or Function (CWE-749), allowing remote attackers to obtain user credentials from the edge server.
CVE-2025-13392 - Synology DiskStation Manager (DSM) Authentication Bypass
2 rules, 1 TTP, 1 CVE
Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 is vulnerable to improper checks for unusual or exceptional conditions in SSO, allowing remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).
CVE-2025-12686 - Synology BeeStation Manager and OS AdminCenter Buffer Overflow Vulnerability
2 rules, 1 TTP, 1 CVE
A buffer overflow vulnerability exists in the AdminCenter component of Synology BeeStation Manager (BSM) and BeeStation OS before version 1.3.2-65648, allowing remote attackers to execute arbitrary code through unspecified vectors (CVE-2025-12686).
Synology SSL VPN Client Plaintext Password Storage Vulnerability (CVE-2021-47961)
2 rules, 1 TTP, 1 CVE
Synology SSL VPN Client before 1.4.5-0684 stores passwords in plaintext, allowing remote attackers to potentially access or manipulate user PIN codes, leading to unauthorized VPN configuration and traffic interception.