Sensitive Information Exposure in Synology Active Backup for Microsoft 365
CVE-2025-4679

6.5MEDIUM

Key Information:

Vendor

Synology
Status
Active Backup For Microsoft 365
Vendor
CVE Published:
16 May 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-4679?

A vulnerability in Synology Active Backup for Microsoft 365 permits remote authenticated attackers to gain access to sensitive data through unspecified methods, potentially compromising user privacy and security. This flaw underscores the importance of stringent access controls and prompt security updates.

Affected Version(s)

Active Backup for Microsoft 365 Unknown

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-4679-SecureOAuth-Demo---Enfoque-educativo
Created by fevar54

References

https://www.synology.com/en-global/security/advisory/Syno...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thorsten Schröder
JSON
.
CVE-2025-4679 : Sensitive Information Exposure in Synology Active Backup for Microsoft 365