Home

Description

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.

PUBLISHED Reserved 2025-11-04 | Published 2026-05-27 | Updated 2026-05-27 | Assigner synology




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status
affected

1.3 (semver) before 1.3.2-65648
affected

1.2 (semver) before 1.3.2-65648
affected

1.1 (semver) before 1.3.2-65648
affected

1.0 (semver) before 1.3.2-65648
affected

Any version before 1.0
unknown

Credits

@Tek_7987 & @_Anyfun (@Synacktiv) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_25_12 (Synology-SA-25:12 BeeStation (PWN2OWN 2025)) vendor-advisory

cve.org (CVE-2025-12686)

nvd.nist.gov (CVE-2025-12686)

Download JSON