Authorization Flaw in Synology DiskStation Manager Exposes Sensitive Files
CVE-2025-1021
7.5 HIGH
Summary
A security oversight in Synology DiskStation Manager (DSM) allows remote attackers to exploit a missing authorization vulnerability, leading to unauthorized access to sensitive files. This flaw impacts several versions of DSM, enabling attackers to read arbitrary files through unspecified methods, ultimately posing a serious risk to data confidentiality and integrity.
Affected Version(s)
DiskStation Manager (DSM) 7.2.2
DiskStation Manager (DSM) 7.2.2 < 7.2.2-72806-3
DiskStation Manager (DSM) 7.2.1 < 7.2.1-69057-7
News Articles

Synology Network File System Vulnerability Allows Unauthorized File Access
A critical security vulnerability in Synology’s Network File System (NFS) service, tracked as CVE-2025-1021, allows attackers to access sensitive files.
2 weeks ago
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
- 📰 First article discovered by GBHackers News
- Vulnerability published