CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description (NVD)
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.
Analysis (AI)
Credential disclosure in the Synology C2 Identity Edge Server package (versions before 1.76.0-0307) allows remote, unauthenticated attackers to retrieve user credentials directly from the edge server over the network. The flaw stems from an exposed dangerous method/function (CWE-749) that is reachable without authentication, giving a high confidentiality impact (C:H) with no integrity or availability effect. No public exploit had been identified at the time of analysis, and the EPSS score sits around the 7th percentile, indicating low near-term exploitation likelihood despite the network-reachable vector.
Technical Context (AI)
Synology C2 Identity is Synology's cloud-based identity and access management (IAM) service, and the Edge Server is an on-premises package deployed on DSM (DiskStation Manager) appliances to bridge local directory/authentication services with the C2 Identity cloud - making it a sensitive component that handles user identity data and credentials. The root cause is classified as CWE-749 (Exposed Dangerous Method or Function), meaning a method or function intended for internal or privileged use is reachable through an external interface without adequate access control. In this case that exposed functionality permits retrieval of user credentials from the edge server. The EUVD-tracked affected component is the C2 Identity Edge Server package on all versions prior to 1.76.0-0307; no granular CPE strings were provided in the input beyond this version-bounded identifier.
Remediation (AI)
Apply the vendor-released patch: upgrade the C2 Identity Edge Server package to version 1.76.0-0307 or later, per Synology advisory SA_25_18 (https://www.synology.com/en-global/security/advisory/Synology_SA_25_18). No vendor workaround was published in the available data, so patching is the primary and recommended action. Until the update is applied, reduce exposure by restricting network reachability of the edge server - limit inbound access to the package's service ports to trusted management networks or place it behind a VPN/firewall ACL so it is not reachable from untrusted networks; the trade-off is that overly tight restrictions could disrupt legitimate identity-bridging traffic between on-premises directories and the C2 Identity cloud, so scope the rules to known C2 Identity endpoints. After patching, treat any credentials that may have been exposed as potentially compromised and rotate them.
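Triage across a fleet turns on one check: is the installed package version below 1.76.0-0307? The following is an added example, not code from the advisory, from Synology or from this page; it assumes the MAJOR.MINOR.PATCH-BUILD format visible in the version strings on this page and uses a constructed inventory rather than real Package Center output. The point it makes is that a plain string comparison mis-orders these versions ("1.9.0-0100" sorts after "1.76.0-0307" lexically), so each field must be compared numerically.

```python
"""Added example (not from the advisory or from Synology): decide whether an
installed C2 Identity Edge Server package version predates the fixed release
1.76.0-0307 named in Synology SA_25_18.

Synology package versions look like MAJOR.MINOR.PATCH-BUILD. A plain string
comparison gets "1.9.0-0100" vs "1.76.0-0307" wrong (lexically "9" > "7"),
so every field is parsed and compared as an integer.
"""
import re
from typing import Dict, Tuple

FIXED_VERSION = "1.76.0-0307"

# Four numeric fields: major.minor.patch-build (the build keeps leading zeros
# in the string, but is compared as a number).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Split '1.76.0-0307' into (1, 76, 0, 307); reject anything else rather
    than silently mis-ordering it."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"not a Synology package version: {version!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed package is strictly below the fixed version."""
    return parse_version(installed) < parse_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'vulnerable' / 'patched' / 'unparseable' for a
    {hostname: installed_version} inventory. Unparseable versions are
    reported rather than guessed, so they can be checked by hand."""
    result: Dict[str, str] = {}
    for host, ver in inventory.items():
        try:
            result[host] = "vulnerable" if is_vulnerable(ver) else "patched"
        except ValueError:
            result[host] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and versions); on a
    # real DSM host the installed version comes from Package Center.
    sample = {
        "nas-01": "1.75.2-0290",
        "nas-02": "1.76.0-0307",   # exactly the fixed version: patched
        "nas-03": "1.76.0-0310",
        "nas-04": "1.9.0-0100",    # string compare would wrongly call this patched
        "nas-05": "unknown",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {sample[host]} -> {status}")
```

Anything reported as "vulnerable" should be patched and, per the remediation note above, have any credentials it may have exposed rotated; "unparseable" entries are inventory problems to resolve, not a reason to assume the host is safe.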
References
EUVD-2025-209959
GHSA-jmjf-jwvm-x7jx