ZDI-CAN-28485 MEDIUM 4.3 Overdue Dec 04, 2025

Synology

Synology, a well-known provider of network-attached storage (NAS) and surveillance solutions, is affected by a medium-severity vulnerability (CVSS 4.3). Exploitation requires adjacent network access but no authentication or user interaction, and it results in limited information disclosure with no impact on integrity or availability. The vulnerability is tracked as ZDI-CAN-28485; it was reported in December 2025 with a vendor remediation deadline of April 2026. Security teams should monitor for patches from Synology and review network segmentation controls for any NAS or surveillance devices, as attacks that require adjacent network access may indicate compromised systems on the same network segment.

Advisory Details
Researcher: Discovered by gcali (_gcali)
Reported: December 04, 2025
Deadline: April 03, 2026 (14d overdue)
CVSS Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
