Synology Drive Server SQL Injection Vulnerability in System Syncing Daemon

Vulnerability

A SQL injection vulnerability has been identified in the system syncing daemon of Synology Drive Server. This issue affects versions prior to 3.0.4-12699, 3.2.1-23280, 3.5.0-26085, and 3.5.1-26102. The vulnerability allows remote attackers to inject SQL commands, restricted to write operations, through unspecified vectors.

Impact

Successful exploitation lets an attacker execute injected SQL commands that could modify the database or its contents.

Remediation

Users can upgrade to Synology Drive Server versions 3.5.1-26102, 3.5.0-26085, 3.2.1-23280, or 3.0.4-12699 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.