Synology Active Backup for Business Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A path traversal vulnerability has been identified in Synology Active Backup for Business versions prior to 2.7.1-13234, 2.7.1-23234, and 2.7.1-3234. It allows remote authenticated users with administrator privileges to delete arbitrary files through unspecified vectors. The issue arises from improper limitation of file paths in agent-related functionality, which enables unauthorized file deletion.

Impact

Exploitation of this vulnerability allows for the arbitrary deletion of files on the affected system.

Remediation

Users can upgrade to Active Backup for Business version 2.7.1-13234 or above for DSM 7.1, version 2.7.1-23234 or above for DSM 7.2, or version 2.7.1-3234 or above for DSM 6.2.
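
A fleet check against the fixed builds listed above, added here as an example and not taken from the advisory or from Synology. The host names and inventory rows are constructed, and ordering versions by numeric release and then build number is an assumption; the fixed build differs per DSM branch, so one minimum build number cannot be applied across all hosts.

```python
import re

# First fixed Active Backup for Business build per DSM branch (from the Remediation text).
FIXED = {
    (7, 1): ((2, 7, 1), 13234),
    (7, 2): ((2, 7, 1), 23234),
    (6, 2): ((2, 7, 1), 3234),
}
PKG_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")
DSM_RE = re.compile(r"^(\d+)\.(\d+)")


def abb_status(dsm_version, pkg_version):
    """Return 'fixed', 'affected' or 'unknown' for one NAS."""
    dsm = DSM_RE.match(dsm_version.strip())
    pkg = PKG_RE.match(pkg_version.strip())
    if not dsm or not pkg:
        return "unknown"  # unparseable input: flag for manual review
    branch = (int(dsm.group(1)), int(dsm.group(2)))
    if branch not in FIXED:
        return "unknown"  # the advisory names no fixed build for this DSM branch
    major, minor, patch, build = map(int, pkg.groups())
    fixed_release, fixed_build = FIXED[branch]
    release = (major, minor, patch)
    # Assumption: releases order numerically, and the build number only
    # decides the outcome within the same release on the same DSM branch.
    if release != fixed_release:
        return "fixed" if release > fixed_release else "affected"
    return "fixed" if build >= fixed_build else "affected"


def audit(inventory):
    """Map each host in (host, dsm, package_version) rows to its status."""
    return {host: abb_status(dsm, pkg) for host, dsm, pkg in inventory}


# Constructed inventory rows (hypothetical hosts and installed versions).
SAMPLE_INVENTORY = [
    ("nas-01", "7.2", "2.7.1-23234"),
    ("nas-02", "7.2", "2.7.1-13234"),  # DSM 7.1's fixed build, below DSM 7.2's
    ("nas-03", "6.2", "2.7.0-3221"),
    ("nas-04", "7.0", "2.7.1-13234"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```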

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.