CVE-2025-1021 | THREATINT

Description

Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

PUBLISHED Reserved 2025-02-04 | Published 2025-04-23 | Updated 2025-04-23 | Assigner synology

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Missing Authorization

Product status

Default status

affected

7.2.2 (semver) before 7.2.2-72806-3

affected

7.2.1 (semver) before 7.2.1-69057-7

affected

7.1 (semver) before 7.1.1-42962-8

affected

Any version before 7.1

unknown

Credits

DEVCORE Research Team (https://devco.re/) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_25_03 (Synology-SA-25:03 DSM) vendor-advisory

cve.org (CVE-2025-1021)

nvd.nist.gov (CVE-2025-1021)

Download JSON