Summary

| Metric | Value |
|---|---|
| CVEs | 39 |
| Critical | 5 |
| High | 14 |
| KEV | 0 |
| PoC | 0 |
| Unpatched C/H | 7 |
| Patch Rate | 61.5% |
| Avg EPSS | 0.2% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 5 |
| HIGH | 14 |
| MEDIUM | 19 |
| LOW | 1 |
Monthly CVE Trend (chart; no data captured in text)
Affected Products (16)

| Product | CVEs |
|---|---|
| Diskstation Manager | 8 |
| Beedrive | 4 |
| File Station | 3 |
| Active Backup For Business Agent | 3 |
| Beestation Os | 3 |
| Diskstation Manager Unified Controller | 3 |
| Drive Server | 2 |
| Cc400W Firmware | 1 |
| Bc500 Firmware | 1 |
| Active Backup For Microsoft 365 | 1 |
| Mail Server | 1 |
| Mattermost | 1 |
| Presto Client | 1 |
| Replication Service | 1 |
| Tc500 Firmware | 1 |
| Unified Controller | 1 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-12686 | Remote code execution in Synology BeeStation OS versions before 1.3.2-65648 stems from a classic buffer overflow in the AdminCenter component, the device's web-based management interface. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates a network-reachable flaw exploitable by unauthenticated attackers with low complexity and no user interaction, yielding full compromise of confidentiality, integrity, and availability (9.8 Critical). There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the unauthenticated network-RCE profile on a consumer NAS device makes this a high-priority patch target. | CRITICAL | 9.8 | 0.2% | 49 | |
| CVE-2024-45538 | Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. | CRITICAL | 9.6 | 0.1% | 48 | |
| CVE-2025-29884 | CVE-2025-29884 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authenticated remote attackers to compromise system confidentiality, integrity, and availability. The vulnerability requires user-level access but enables complete system compromise with high impact across all security dimensions. No active KEV or public PoC data is currently available, but the CVSS 8.8 score and low attack complexity indicate this should be prioritized for patching. | HIGH | 8.8 | 0.1% | 44 | |
| CVE-2025-29885 | CVE-2025-29885 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated remote attackers to compromise system confidentiality, integrity, and availability. The vulnerability affects File Station 5 versions prior to 5.5.6.4791 and requires valid user credentials to exploit. With a CVSS score of 8.8 and a low attack complexity, this represents a significant risk to organizations running vulnerable versions, though exploitation requires prior authentication. | HIGH | 8.8 | 0.1% | 44 | |
| CVE-2026-31998 | Synology OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass in the synology-chat channel plugin where misconfigured allowlist policies with empty user IDs fail open, allowing authenticated Synology senders to dispatch unauthorized agents and execute downstream tool actions. The vulnerability requires network access and low-complexity exploitation, with a patch currently available. | HIGH | 8.3 | 0.0% | 42 | |
| CVE-2025-13392 | Authentication bypass in Synology DiskStation Manager (DSM) SSO lets remote, unauthenticated attackers who already know a valid account's distinguished name (DN) impersonate that identity and gain access to the NAS, with high confidentiality, integrity, and availability impact (CVSS 8.1). The flaw stems from an improper check of an exceptional condition (CWE-754) in the single sign-on flow. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.05%, 17th percentile), consistent with the high attack complexity Synology assigned. | HIGH | 8.1 | 0.1% | 41 | |
| CVE-2025-54160 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors. | HIGH | 7.8 | 0.0% | 39 | |
| CVE-2025-54158 | Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors. | HIGH | 7.8 | 0.0% | 39 | |
| CVE-2025-1021 | Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available. | HIGH | 7.5 | 0.3% | 38 | No patch |
| CVE-2024-45539 | Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. | HIGH | 7.5 | 0.2% | 38 | |
| CVE-2025-29872 | Denial-of-service vulnerability in QNAP File Station 5 that allows an authenticated attacker to exhaust system resources without limits or throttling, preventing legitimate users and processes from accessing the affected service. The vulnerability affects File Station 5 versions prior to 5.5.6.4847 and is remotely exploitable with no user interaction required once account access is obtained. With a CVSS score of 7.5 (High) and a network-based attack vector, this represents a significant availability risk for organizations relying on File Station for network file access. | HIGH | 7.5 | 0.1% | 38 | |
| CVE-2025-54159 | Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors. | HIGH | 7.5 | 0.1% | 38 | |
| CVE-2025-14713 | Credential disclosure in Synology C2 Identity Edge Server (DSM versions before 1.76.0-0307) allows remote unauthenticated attackers to retrieve user credentials directly from the edge server over the network. The flaw stems from an exposed dangerous method/function (CWE-749) reachable without authentication, yielding a high confidentiality impact with no integrity or availability effect. No public exploit has been identified at time of analysis, and EPSS scores it in the bottom 7th percentile, indicating low near-term exploitation likelihood despite the network-reachable vector. | HIGH | 7.5 | 0.0% | 38 | |
| CVE-2026-3091 | Synology Presto Client versions prior to 2.1.3-0672 are vulnerable to DLL hijacking during installation, enabling local attackers with user privileges to read or write arbitrary files by placing malicious libraries in the installer directory. The vulnerability requires user interaction and local access but grants high-impact capabilities including confidentiality and integrity violations. No patch is currently available. | MEDIUM | 6.7 | 0.0% | 34 | No patch |
| CVE-2024-47265 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available. | MEDIUM | 6.5 | 0.7% | 33 | No patch |