Skip to main content

Active Backup For Business

1 CVEs product

Monthly

CVE-2025-30028 HIGH PATCH This Week

Arbitrary file disclosure in Synology Active Backup for Business (DSM add-on package, versions before 2.7.1-3234) lets unauthenticated remote attackers read sensitive files on the host via a SQL injection flaw (CWE-89). The vulnerability scores CVSS 8.6 with a changed scope and high confidentiality impact, but EPSS estimates only a 0.04% (14th percentile) exploitation probability, and there is no public exploit identified at time of analysis nor any CISA KEV listing. Synology, who self-reported the issue, has released a fixed package.

SQLi Active Backup For Business
NVD
CVSS 3.1
8.6
EPSS
0.0%
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Arbitrary file disclosure in Synology Active Backup for Business (DSM add-on package, versions before 2.7.1-3234) lets unauthenticated remote attackers read sensitive files on the host via a SQL injection flaw (CWE-89). The vulnerability scores CVSS 8.6 with a changed scope and high confidentiality impact, but EPSS estimates only a 0.04% (14th percentile) exploitation probability, and there is no public exploit identified at time of analysis nor any CISA KEV listing. Synology, who self-reported the issue, has released a fixed package.

SQLi Active Backup For Business
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy