Synology Active Backup for Business Path Traversal Vulnerability in Encrypted Share Umount Functionality

Vulnerability

A path traversal vulnerability has been identified in Synology Active Backup for Business versions prior to 2.7.1-13234, 2.7.1-23234, and 2.7.1-3234. The encrypted share umount functionality improperly limits a pathname to a restricted directory, which allows remote authenticated users to write specific files.

Impact

Exploitation of this vulnerability allows for arbitrary file writing by remote authenticated users with administrator privileges.

Remediation

Users can upgrade to Synology Active Backup for Business version 2.7.1-23234 or above on DSM 7.2, version 2.7.1-13234 or above on DSM 7.1, or version 2.7.1-3234 or above on DSM 6.2.
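
The fixed build number differs per DSM branch, so an inventory check has to compare each host against the build for its own branch rather than against a single threshold. The following is an added example, not Synology's code or part of the original advisory; the host names, inventory rows and function names are constructed for illustration.

```python
import re

# Fixed Active Backup for Business builds per DSM branch, as stated in the advisory.
FIXED = {
    (7, 2): (2, 7, 1, 23234),
    (7, 1): (2, 7, 1, 13234),
    (6, 2): (2, 7, 1, 3234),
}

def parse_pkg(version):
    """Parse 'X.Y.Z-BUILD' into a tuple of ints that compares in version order."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised package version: {version!r}")
    return tuple(int(g) for g in m.groups())

def dsm_branch(dsm_version):
    """Reduce a DSM version string such as '7.2.1' to its (major, minor) branch."""
    m = re.match(r"(\d+)\.(\d+)", dsm_version.strip())
    if not m:
        raise ValueError(f"unrecognised DSM version: {dsm_version!r}")
    return int(m.group(1)), int(m.group(2))

def status(dsm_version, pkg_version):
    """Return 'vulnerable', 'patched', or 'unknown' for one host."""
    fixed = FIXED.get(dsm_branch(dsm_version))
    if fixed is None:
        return "unknown"  # DSM branch not listed in the advisory
    return "vulnerable" if parse_pkg(pkg_version) < fixed else "patched"

# Constructed inventory rows: (host, DSM version, package version).
INVENTORY = [
    ("nas-a", "7.2.1", "2.7.0-23051"),  # older release on DSM 7.2
    ("nas-b", "7.1.1", "2.7.1-13234"),  # exactly the fixed build for DSM 7.1
    ("nas-c", "6.2.4", "2.7.1-3234"),   # fixed on 6.2, though 3234 < 23234
    ("nas-d", "7.2", "2.7.1-23100"),    # 2.7.1, but below the DSM 7.2 fixed build
    ("nas-e", "7.0.1", "2.7.1-23234"),  # branch the advisory does not list
]

def audit(rows):
    """Map each host to its patch status."""
    return {host: status(dsm, pkg) for host, dsm, pkg in rows}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```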

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.