What is the CVSS score of CVE-2025-54160?

CVE-2025-54160 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Beedrive are affected by CVE-2025-54160?

Synology BeeDrive for desktop versions prior to 1.4.2-13960 contain a path traversal vulnerability that enables local users to execute arbitrary code, potentially compromising data security and…. A patch is available.

How to fix or mitigate CVE-2025-54160?

Within 24 hours: Identify all instances of Synology BeeDrive for desktop across the organization and document current versions via endpoint management tools. Within 7 days: Deploy BeeDrive version 1.4.2-13960 or later to all affected endpoints through your software update mechanism; verify installation on at least 95% of targets. Within 30 days: Complete audit of all endpoints to confirm 100% compliance with minimum version 1.4.2-13960 and document any systems unable to update for exception review.

Beedrive CVE-2025-54160

EUVD-2025-201165 HIGH

Path Traversal (CWE-22)

2025-12-04 security@synology.com

RCE Path Traversal Synology Beedrive

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:23 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

1.4.2-13960

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201165

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

CVE Published

Dec 04, 2025 - 16:16 nvd

HIGH 7.8

DescriptionNVD

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.

Analysis

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

More from same product – last 7 days

CVE-2025-12686 CRITICAL Act Now

9.8 May 27

Remote code execution in Synology BeeStation OS versions before 1.3.2-65648 stems from a classic buffer overflow in the

CVE-2025-13392 HIGH This Week

8.1 May 27

Authentication bypass in Synology DiskStation Manager (DSM) SSO lets remote, unauthenticated attackers who already know

CVE-2025-14713 HIGH This Week

7.5 May 27

Credential disclosure in Synology C2 Identity Edge Server (DSM versions before 1.76.0-0307) allows remote unauthenticate

CVE-2026-2237 MEDIUM This Month

6.2 May 27

Volume encryption in Synology Storage Manager before version 1.0.1-1100 transmits sensitive data via HTTP GET query stri

CVE-2025-13593 MEDIUM This Month

6.1 May 27

Arbitrary file write with restricted content in Synology ActiveProtect Agent before 1.1.0-0439 is exploitable by local u

CVE-2025-54160 vulnerability details – vuln.today

Back

Beedrive CVE-2025-54160

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code