Unauthorized File Access in Active Backup for Business by Synology
CVE-2025-30028

8.6HIGH

Key Information:

Vendor: Synology
Status: Active Backup For Business
Vendor: CVE Published:; 27 May 2026

What is CVE-2025-30028?

A security flaw in Synology's Active Backup for Business enables unauthorized remote attackers to gain read access to arbitrary files on affected systems. This vulnerability poses a significant risk to data confidentiality, as it could allow malicious users to exploit the system and access sensitive information without proper authorization.

Affected Version(s)

Active Backup for Business *

Active Backup for Business * < 2.7.1-3234

Active Backup for Business * < 2.7.1-13234

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Mar 14, 2025

Credit

PSIRT

CVE-2025-30028 Data

JSON