Buffer Overflow Vulnerability in Synology BeeStation Manager
CVE-2025-12686

9.8CRITICAL

Key Information:

Vendor: Synology
Status: Beestation Manager (bsm); Beestation Os
Vendor: CVE Published:; 27 May 2026

What is CVE-2025-12686?

A buffer overflow vulnerability exists in the AdminCenter of Synology's BeeStation Manager, affecting versions before 1.3.2-65648. This flaw allows remote attackers to exploit the system, potentially leading to arbitrary code execution through various unspecified vectors. It is crucial for users of the affected software to apply necessary security updates promptly to mitigate the risks associated with this vulnerability.

Affected Version(s)

BeeStation Manager (BSM) 1.2

BeeStation Manager (BSM) 1.2 < 1.3.2-65648

BeeStation Manager (BSM) 1.1 < 1.3.2-65648

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Nov 4, 2025

Credit

@Tek_7987 & @_Anyfun (@Synacktiv)

CVE-2025-12686 Data

JSON