Volerion logoVolerion
Volerion logoVolerion

Synology BeeStation OS and DiskStation Manager Improper Output Encoding Vulnerability Allowing File Read

Vulnerability

A vulnerability exists in the webapi component of Synology BeeStation OS (BSM) versions prior to 1.1-65374, as well as in Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6, and 7.2.2-72806-1. This vulnerability stems from improper encoding or escaping of output, which enables remote attackers to read limited files through unspecified vectors.

Impact

Exploitation of this vulnerability allows remote attackers to read specific files on the affected system.

Remediation

Users can upgrade to Synology BeeStation OS version 1.1-65374 or above. For Synology DiskStation Manager, users should upgrade to version 7.1.1-42962-7 or above, 7.2-64570-4 or above, 7.2.1-69057-6 or above, or 7.2.2-72806-1 or above.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
8.1
impact
3.3
exploitability
7.0
remediation
7.7
relevance
0.0
threat
0.1
urgency
2.9
incentive
5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.