Threat Feed

Vendor

Synology

4 briefs
high advisory

CVE-2025-30028: Synology Active Backup for Business Arbitrary File Read

CVE-2025-30028 is a vulnerability in Synology Active Backup for Business that allows unauthorized remote attackers to read arbitrary files due to improper neutralization of special elements used in an SQL Command ('SQL Injection').

Active Backup for Business cve-2025-30028 sql-injection synology
2r 1t 1c
high advisory

CVE-2025-13392 - Synology DiskStation Manager (DSM) Authentication Bypass

Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 is vulnerable to improper checks for unusual or exceptional conditions in SSO, allowing remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).

DiskStation Manager +1 authentication-bypass cve-2025-13392 synology
2r 1t 1c
high advisory

Synology BeeDrive DLL Hijacking Vulnerability (CVE-2023-52945)

Synology BeeDrive for desktop before 1.3.2-13814 is vulnerable to an uncontrolled search path element, allowing local users to execute arbitrary code through a maliciously placed OpenSSL DLL component.

BeeDrive for desktop dll-hijacking privilege-escalation cve-2023-52945
2r 2t 1c
critical advisory

CVE-2025-12686 - Synology BeeStation Manager and OS AdminCenter Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in the AdminCenter component of Synology BeeStation Manager (BSM) and BeeStation OS before version 1.3.2-65648, allowing remote attackers to execute arbitrary code through unspecified vectors (CVE-2025-12686).

BeeStation Manager +2 cve-2025-12686 buffer-overflow remote-code-execution synology
2r 1t 1c