Synology DiskStation Manager
Moderate fix2 remedies
cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*, +1 more
Moderate fix2 remedies
- < 7.2.1-69057-2
- < 7.2.2-72806
Synology DiskStation Manager and Unified Controller Cross-Site Request Forgery Vulnerability Allowing Arbitrary Code Execution
Vulnerability
Patched
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WebAPI Framework of Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-2 and 7.2.2-72806, as well as in Synology Unified Controller (DSMUC) versions prior to 3.1.4-23079. This vulnerability allows remote attackers to execute arbitrary code by exploiting unspecified vectors.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the affected system.
Remediation
Users are advised to upgrade to Synology DiskStation Manager (DSM) 7.2.2-72806 or above, or DSM 7.2.1-69057-2 or above. For Synology Unified Controller (DSMUC), upgrade to version 3.1.4-23079 or above.
Added: Dec 4, 2025, 3:32 PM
Updated: Dec 4, 2025, 6:26 PM
Vulnerability Rating
Custom Algorithm
spread
8.1impact
10.0exploitability
6.0remediation
7.7relevance
1.2threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.