Synology DiskStation Manager and Unified Controller Improper Control of Dynamically-Managed Code Resources Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in the WebAPI component of Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-8, 7.2.1-69057-2, and 7.2.2-72806, as well as in Synology Unified Controller (DSMUC) versions prior to 3.1.4-23079. This vulnerability allows remote authenticated users to gain privileges without consent, through unspecified vectors.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation for remote authenticated users.

Remediation

Users can upgrade Synology DiskStation Manager (DSM) to version 7.2.2-72806 or above, or 7.2.1-69057-2 or above, and Synology Unified Controller (DSMUC) to version 3.1.4-23079 or above.
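
To check an inventory against the version boundaries given in this advisory, the following added example (not Synology's code and not part of the original advisory) parses version strings in the format used above and reports whether each host is on a fixed release. The host names and inventory values are constructed, and treating branches that have no listed fixed release as affected unless they are newer than the newest fixed branch is an assumption.

```python
import re

# Fixed releases taken from the advisory text: branch -> (build, update).
FIXED = {
    "DSM": {(7, 1, 1): (42962, 8), (7, 2, 1): (69057, 2), (7, 2, 2): (72806, 0)},
    "DSMUC": {(3, 1, 4): (23079, 0)},
}

# Format used in the advisory: major.minor.patch-build[-update]
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)(?:-(\d+))?$")


def parse_version(text):
    """Split '7.2.1-69057-2' into ((7, 2, 1), (69057, 2)); update defaults to 0."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, build, update = match.groups()
    return (int(major), int(minor), int(patch)), (int(build), int(update or 0))


def patch_status(product, version):
    """Return 'fixed' or 'affected' for one product/version pair."""
    branch, release = parse_version(version)
    fixed = FIXED[product]  # KeyError for a product the advisory does not cover
    if branch in fixed:
        # Same branch: compare (build, update) against that branch's fix.
        return "fixed" if release >= fixed[branch] else "affected"
    # Assumption: branches newer than the newest fixed branch carry the fix;
    # any other unlisted branch has no fixed build and is reported as affected.
    return "fixed" if branch > max(fixed) else "affected"


def audit(inventory):
    """Map each host to its status; inventory is host -> (product, version)."""
    return {host: patch_status(p, v) for host, (p, v) in inventory.items()}


# Constructed sample inventory for illustration only.
SAMPLE_INVENTORY = {
    "nas-01": ("DSM", "7.2.1-69057-1"),
    "nas-02": ("DSM", "7.2.2-72806"),
    "nas-03": ("DSM", "7.1.1-42962-8"),
    "uc-01": ("DSMUC", "3.1.4-23079"),
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```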

Added: Dec 4, 2025, 3:31 PM
Updated: Dec 4, 2025, 6:25 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.