Improper Output Encoding Vulnerability in Synology BeeStation Manager and DiskStation Manager
CVE-2024-50629

5.3MEDIUM

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm); Beestation Os (bsm)
Vendor: CVE Published:; 19 March 2025

Summary

An improper encoding or escaping of output vulnerability exists in the webapi component of Synology BeeStation Manager and DiskStation Manager. This flaw permits remote attackers to potentially read limited files through unspecified vectors, impacting the integrity of the system. Users are advised to update to the latest versions to mitigate the risks associated with this vulnerability.

Affected Version(s)

BeeStation OS (BSM) 1.1

BeeStation OS (BSM) 1.1 < 1.1-65374

BeeStation OS (BSM) 1.0 < 1.1-65374

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 19, 2025
Vulnerability Reserved
Oct 28, 2024

Credit

Pumpkin Chang (@u1f383) and Orange Tsai (@orange_8361) from DEVCORE Research Team