Skip to main content

Synology

Vendor security scorecard – 38 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 64
38
CVEs
2
Critical
11
High
0
KEV
0
PoC
0
Unpatched C/H
94.7%
Patch Rate
0.0%
Avg EPSS

Severity Breakdown

CRITICAL
2
HIGH
11
MEDIUM
22
LOW
3

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2025-12686 Remote code execution in Synology BeeStation OS versions before 1.3.2-65648 stems from a classic buffer overflow in the AdminCenter component, the device's web-based management interface. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates a network-reachable flaw exploitable by unauthenticated attackers with low complexity and no user interaction, yielding full compromise of confidentiality, integrity, and availability (9.8 Critical). There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the unauthenticated network-RCE profile on a consumer NAS device makes this a high-priority patch target. CRITICAL 9.8 0.2% 49
CVE-2024-45538 Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. CRITICAL 9.6 0.1% 48
CVE-2026-31998 Synology OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass in the synology-chat channel plugin where misconfigured allowlist policies with empty user IDs fail open, allowing authenticated Synology senders to dispatch unauthorized agents and execute downstream tool actions. The vulnerability requires network access and low-complexity exploitation, with a patch currently available. HIGH 8.3 0.0% 42
CVE-2025-13392 Authentication bypass in Synology DiskStation Manager (DSM) SSO lets remote, unauthenticated attackers who already know a valid account's distinguished name (DN) impersonate that identity and gain access to the NAS, with high confidentiality, integrity, and availability impact (CVSS 8.1). The flaw stems from an improper check of an exceptional condition (CWE-754) in the single sign-on flow. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.05%, 17th percentile), consistent with the high attack complexity Synology assigned. HIGH 8.1 0.1% 41
CVE-2021-47961 A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. HIGH 8.1 0.0% 41
CVE-2022-49036 An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. HIGH 7.8 0.0% 39
CVE-2022-49042 An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. HIGH 7.8 0.0% 39
CVE-2025-54160 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors. HIGH 7.8 0.0% 39
CVE-2023-52945 Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. HIGH 7.8 0.0% 39
CVE-2025-54158 Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors. HIGH 7.8 0.0% 39
CVE-2024-45539 Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. HIGH 7.5 0.2% 38
CVE-2025-54159 Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors. HIGH 7.5 0.1% 38
CVE-2025-14713 Credential disclosure in Synology C2 Identity Edge Server (DSM versions before 1.76.0-0307) allows remote unauthenticated attackers to retrieve user credentials directly from the edge server over the network. The flaw stems from an exposed dangerous method/function (CWE-749) reachable without authentication, yielding a high-confidentiality impact with no integrity or availability effect. No public exploit has been identified at time of analysis, and EPSS scores it at the bottom 7th percentile, indicating low near-term exploitation likelihood despite the network-reachable vector. HIGH 7.5 0.0% 38
CVE-2024-11399 Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. MEDIUM 6.8 0.0% 34
CVE-2026-3091 Synology Presto Client versions prior to 2.1.3-0672 are vulnerable to DLL hijacking during installation, enabling local attackers with user privileges to read or write arbitrary files by placing malicious libraries in the installer directory. The vulnerability requires user interaction and local access but grants high-impact capabilities including confidentiality and integrity violations. No patch is currently available. MEDIUM 6.7 0.0% 34
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy