Missing Authentication Vulnerability in Synology BeeDrive for Desktop
CVE-2025-54158

7.8HIGH

Key Information:

Vendor: Synology
Status: Beedrive For Desktop
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-54158?

A critical security vulnerability has been identified in Synology BeeDrive for desktop, which lacks proper authentication for essential functions. This flaw allows local users to execute arbitrary code via unspecified methods. This oversight can potentially compromise the integrity of the system, emphasizing the importance of regular updates and vigilance in cybersecurity practices. Users are encouraged to update to the latest version to mitigate risks.

Affected Version(s)

BeeDrive for desktop *

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Jul 17, 2025

Credit

Zhao Runzi (赵润梓)

李建申（https://lsr00ter.github.io）

JSON