What is the CVSS score of CVE-2025-8074?

CVE-2025-8074 has a CVSS 3.1 base score of 5.6 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H. EPSS exploitation probability: 0.0%.

Which versions of Beedrive are affected by CVE-2025-8074?

Organizations using validation error vulnerability in BeeDrive in Synology BeeDrive for desktop should be aware of moderate risk from CVE-2025-8074 rated CVSS 5.6.. A patch is available.

How to fix or mitigate CVE-2025-8074?

Within 30 days: Identify affected systems running validation error vulnerability in BeeDrive in Synology BeeDr and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Beedrive CVE-2025-8074

EUVD-2025-201163 MEDIUM

Origin Validation Error (CWE-346)

2025-12-04 security@synology.com

Information Disclosure Synology Beedrive

5.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

1.4.3-13973

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201163

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

CVE Published

Dec 04, 2025 - 16:16 nvd

MEDIUM 5.6

DescriptionNVD

Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.

Analysis

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Origin Validation Error (CWE-346).

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

More from same product – last 7 days

CVE-2025-12686 CRITICAL Act Now

9.8 May 27

Remote code execution in Synology BeeStation OS versions before 1.3.2-65648 stems from a classic buffer overflow in the

CVE-2025-13392 HIGH This Week

8.1 May 27

Authentication bypass in Synology DiskStation Manager (DSM) SSO lets remote, unauthenticated attackers who already know

CVE-2025-14713 HIGH This Week

7.5 May 27

Credential disclosure in Synology C2 Identity Edge Server (DSM versions before 1.76.0-0307) allows remote unauthenticate

CVE-2026-2237 MEDIUM This Month

6.2 May 27

Volume encryption in Synology Storage Manager before version 1.0.1-1100 transmits sensitive data via HTTP GET query stri

CVE-2025-13593 MEDIUM This Month

6.1 May 27

Arbitrary file write with restricted content in Synology ActiveProtect Agent before 1.1.0-0439 is exploitable by local u

CVE-2025-8074 vulnerability details – vuln.today

Back