Primary

Context

Synology BeeStation OS and DiskStation Manager Improper Certificate Validation Vulnerability Allowing Remote File Writing

Vulnerability

Patched

A vulnerability exists in the update functionality of Synology BeeStation OS (BSM) versions prior to 1.1-65374 and in Synology DiskStation Manager (DSM) versions prior to 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4 and 7.2.2-72806-1. This vulnerability arises from improper validation of certificates, which allows remote attackers to write limited files through unspecified vectors.

Impact

Exploitation of this vulnerability could lead to unauthorized writing of files on the affected system.

Remediation

Users can upgrade to Synology BeeStation OS version 1.1-65374 or above. For DiskStation Manager, users should upgrade to version 7.2.2-72806-1, 7.2.1-69057-6, 7.2-64570-4, 7.1.1-42962-7 or 6.2.4-25556-8.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

0.6

exploitability

6.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

0.6

exploitability

6.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Synology BeeStation OS and DiskStation Manager Improper Certificate Validation Vulnerability Allowing Remote File Writing

Vulnerability

Impact

Remediation

Affected Products

Synology BeeStation OS

Synology DiskStation Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating