What is the CVSS score of CVE-2024-47264?

CVE-2024-47264 has a CVSS 3.1 base score of 4.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 1.0%.

Which versions of Active Backup For Business Agent are affected by CVE-2024-47264?

Organizations using agent-related functionality in Synology Active Backup for Business should be aware of moderate risk from CVE-2024-47264, a path traversal vulnerability rated CVSS 4.9.

How to fix or mitigate CVE-2024-47264?

Within 30 days: Identify affected systems running agent-related functionality in Synology Active Backup for Bu and apply vendor patches as part of regular patch cycle. Review file handling controls.

Active Backup For Business Agent CVE-2024-47264

MEDIUM

Path Traversal (CWE-22)

2025-02-13 security@synology.com

Path Traversal Synology Active Backup For Business Agent

4.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:26 vuln.today

CVE Published

Feb 13, 2025 - 07:15 nvd

MEDIUM 4.9

DescriptionNVD

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors.

AnalysisAI

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors. Affected products include: Synology Active Backup For Business Agent. Version information: before 2.7.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

More from same product – last 7 days

CVE-2025-12686 CRITICAL Act Now

9.8 May 27

Remote code execution in Synology BeeStation OS versions before 1.3.2-65648 stems from a classic buffer overflow in the

CVE-2025-13392 HIGH This Week

8.1 May 27

Authentication bypass in Synology DiskStation Manager (DSM) SSO lets remote, unauthenticated attackers who already know

CVE-2025-14713 HIGH This Week

7.5 May 27

Credential disclosure in Synology C2 Identity Edge Server (DSM versions before 1.76.0-0307) allows remote unauthenticate

CVE-2026-2237 MEDIUM This Month

6.2 May 27

Volume encryption in Synology Storage Manager before version 1.0.1-1100 transmits sensitive data via HTTP GET query stri

CVE-2025-13593 MEDIUM This Month

6.1 May 27

Arbitrary file write with restricted content in Synology ActiveProtect Agent before 1.1.0-0439 is exploitable by local u

CVE-2024-47264 vulnerability details – vuln.today

Back

Active Backup For Business Agent CVE-2024-47264

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code