Missing Authentication Vulnerability in Synology Drive Server
CVE-2024-50630

CVSS 7.5 HIGH

Key Information:

Vendor: Synology

CVE Published: 19 March 2025

What is CVE-2024-50630?

A vulnerability within the webapi component of Synology Drive Server exposes critical functions without proper authentication. This flaw allows remote attackers to gain unauthorized access to administrator credentials through unspecified attack vectors, potentially compromising system integrity and confidentiality. Users are advised to update to the latest versions to mitigate any risks associated with this vulnerability.

Affected Version(s)

Synology Drive Server *

Synology Drive Server * < 3.0.4-12699

Synology Drive Server * < 3.5.1-26102

News Articles

Chained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler Exploit

While preparing for Pwn2Own Ireland 2025, a security researcher revisiting N-day bugs in Synology NAS has demonstrated a powerful new twist on an existing Synology BeeStation.

3 weeks ago

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pumpkin Chang (@u1f383) and Orange Tsai (@orange_8361) from DEVCORE Research Team