Exposed Dangerous Method Vulnerability in Synology C2 Identity Edge Server
CVE-2025-14713

7.5HIGH

Key Information:

Vendor: Synology
Status: C2 Identity Edge Server
Vendor: CVE Published:; 27 May 2026

What is CVE-2025-14713?

A vulnerability exists in the Synology C2 Identity Edge Server package that allows unauthorized remote attackers to expose user credentials. This issue arises from inappropriate access control measures that fail to restrict sensitive methods, enabling attackers to exploit these vulnerabilities and gain unauthorized access to sensitive user data.

Affected Version(s)

C2 Identity Edge Server *

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Dec 15, 2025

Credit

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)

CVE-2025-14713 Data

JSON