
Synology Assistant EUVD-2025-209963

CVE-2025-66593 | Severity: MEDIUM
Origin Validation Error (CWE-346)
2026-05-27 | security@synology.com | GHSA-43p3-6ww8-9fwv
CVSS 3.1 base score: 6.1

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High

Lifecycle Timeline

Analysis generated: May 27, 2026, 22:39 (vuln.today)
Patch available: May 27, 2026, 19:46 (EUVD)

Description (NVD)

An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content during installation.

Analysis (AI)

Synology Assistant before version 7.0.6-50085 allows local users to write arbitrary files with restricted content, via an origin validation error triggered during the installation process. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H) indicates that the integrity impact is limited while the availability impact is rated High: an attacker can corrupt or overwrite files in ways that destabilize the system even though the written content is constrained. No public exploit code exists and CISA has not added this CVE to KEV; EPSS stands at 0.00%, reflecting minimal observed exploitation interest.

Technical Context (AI)

CWE-346 (Origin Validation Error) describes a failure to properly verify the source or legitimacy of data before acting on it. In the context of Synology Assistant's installer, the software incorrectly trusts locally supplied input to determine write targets without adequately validating the origin of the request or resource. During installation, this class of flaw is commonly associated with symlink attacks or race conditions in which an unprivileged local actor manipulates filesystem state between the installer's validation and write phases. The affected product, Synology Assistant (all versions below 7.0.6-50085), is a network utility for discovering and managing Synology NAS devices from a desktop client. Because the vulnerability manifests during installation (a privileged operation), the installer's elevated context is likely what enables writes to otherwise restricted paths.
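The check-then-write pattern described above, illustrated from the defender's side with an example added here (this is not Synology's code, and it does not claim to describe how this specific flaw works): a privileged installer write routine that opens the destination directory once and performs every later operation relative to that descriptor, refuses pre-existing entries and symlinks at the target name, rejects world-writable parent directories and path separators in the file name, and verifies the opened object before writing. It assumes a POSIX system (the `O_NOFOLLOW` and `O_DIRECTORY` flags and the `dir_fd` argument of `os.open`); the directory layout, file names and contents in `demo()` are constructed for the demonstration.

```python
import os
import stat
import tempfile


class UnsafeDestination(Exception):
    """Raised when the installer refuses a write target it cannot trust."""


def safe_install_write(dest_dir: str, filename: str, content: bytes) -> str:
    """Create dest_dir/filename with the given content and return its path.

    Refuses symlinks and existing files at the target name, world-writable
    parent directories, and file names that could escape dest_dir.
    """
    # Only a bare file name is accepted: a separator would let the name
    # redirect the write outside dest_dir.
    if not filename or filename in (".", "..") or os.sep in filename:
        raise UnsafeDestination(f"refusing suspicious file name {filename!r}")

    # Hold the directory open so later calls act on this exact inode rather
    # than on whatever the path string resolves to at a later moment.
    dir_fd = os.open(dest_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        dst = os.fstat(dir_fd)
        # A world-writable directory without the sticky bit lets any local
        # user plant or swap entries between our checks and our write.
        if dst.st_mode & stat.S_IWOTH and not dst.st_mode & stat.S_ISVTX:
            raise UnsafeDestination(f"{dest_dir} is world-writable")

        # O_EXCL fails atomically if anything (file or symlink) already sits
        # at the name; O_NOFOLLOW refuses to traverse a link at the final
        # component even if one appears between these two calls.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        try:
            fd = os.open(filename, flags, 0o644, dir_fd=dir_fd)
        except FileExistsError:
            raise UnsafeDestination(
                f"{filename} already exists in {dest_dir}; possible planted link"
            ) from None
        try:
            fst = os.fstat(fd)
            # The descriptor we hold must be a fresh regular file with a
            # single link, not something reached through another name.
            if not stat.S_ISREG(fst.st_mode) or fst.st_nlink != 1:
                raise UnsafeDestination("opened object is not a fresh regular file")
            view = memoryview(content)
            while view:  # os.write may write fewer bytes than requested
                view = view[os.write(fd, view):]
            os.fsync(fd)
        finally:
            os.close(fd)
    finally:
        os.close(dir_fd)
    return os.path.join(dest_dir, filename)


def demo() -> dict:
    """Constructed scenario: a link has been pre-planted at the installer's
    target name, pointing at an unrelated file that must not be overwritten."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        victim = os.path.join(root, "victim.txt")
        with open(victim, "wb") as f:
            f.write(b"original contents\n")
        install_dir = os.path.join(root, "install")
        os.mkdir(install_dir, 0o755)
        # Simulate the planted link the analysis describes (constructed).
        os.symlink(victim, os.path.join(install_dir, "settings.ini"))

        try:
            safe_install_write(install_dir, "settings.ini", b"installer data\n")
            results["symlink_refused"] = False
        except UnsafeDestination:
            results["symlink_refused"] = True
        with open(victim, "rb") as f:
            results["victim_untouched"] = f.read() == b"original contents\n"

        # A name nobody has tampered with is written normally.
        path = safe_install_write(install_dir, "config.ini", b"installer data\n")
        with open(path, "rb") as f:
            results["clean_written"] = f.read()

        # A name carrying a path separator is refused before any I/O.
        try:
            safe_install_write(install_dir, "../escape.ini", b"x")
            results["escape_refused"] = False
        except UnsafeDestination:
            results["escape_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The two defensive properties worth noting are that the existence check and the creation are one atomic system call (`O_CREAT | O_EXCL`), so there is no window for a local user to swap in a link between them, and that the directory is referenced by descriptor (`dir_fd`) rather than by path, so a rename of an ancestor directory after the ownership check cannot redirect the write.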

Remediation (AI)

The primary remediation is to upgrade Synology Assistant to version 7.0.6-50085 or later, per the vendor-released patch documented in Synology Security Advisory SA-25-17 at https://www.synology.com/en-global/security/advisory/Synology_SA_25_17. As a compensating control where an immediate upgrade is not possible, administrators should ensure that no untrusted local users have access to a system while Synology Assistant is being installed or updated; this directly limits the exploitation window, which is confined to the installation phase. Restricting write permissions on the directories the installer targets, where operationally feasible, can reduce the blast radius. These workarounds do not eliminate the root cause and should be treated as temporary measures only.


EUVD-2025-209963 vulnerability details – vuln.today
