Synology DiskStation Manager
Moderate fix3 remedies
cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*
Moderate fix3 remedies
- < 7.1.1-42962-8
- < 7.2.1-69057-7
- < 7.2.2-72806-3
Synology DiskStation Manager Improper Certificate Validation Vulnerability in LDAP Utilities Allowing Authentication Hijacking
Vulnerability
Patched
A vulnerability exists in the LDAP utilities of Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-8, 7.2.1-69057-7, and 7.2.2-72806-3. This vulnerability involves improper certificate validation, which allows man-in-the-middle attackers to hijack the authentication of administrators through unspecified vectors.
Impact
Exploitation of this vulnerability allows man-in-the-middle attackers to hijack the authentication of administrators.
Remediation
Users can upgrade to Synology DiskStation Manager versions 7.1.1-42962-8, 7.2.1-69057-7, or 7.2.2-72806-3 to address this vulnerability.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
8.1impact
5.0exploitability
5.6remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.