HomeSynologyCVE-2025-1021

CVE-2025-1021

HIGH
7.5CVSS
Published: 2025-04-23
Updated: 2025-11-17
AI Analysis

Description

Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS Metrics

Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
network
Complexity
low
Privileges
none
User Action
none
Scope
unchanged
Confidentiality
high
Integrity
none
Availability
none
Weaknesses
CWE-862

Metadata

Primary Vendor
SYNOLOGY
Published
4/23/2025
Last Modified
11/17/2025
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

synology : diskstation_managersynology : diskstation_managersynology : diskstation_manager

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2025-1021 | HIGH Severity | CVEDatabase.com | CVEDatabase.com