CVE-2025-13593 | THREATINT

Description

Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.

PUBLISHED Reserved 2025-11-24 | Published 2026-05-27 | Updated 2026-06-02 | Assigner synology

MEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Problem types

Origin Validation Error

Product status

Default status

affected

* (semver) before 1.1.0-0439

affected

Credits

Sheikh Rishad (https://x.com/sheikhrishad0) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_25_15 (Synology-SA-25:15 ActiveProtect Agent) vendor-advisory

cve.org (CVE-2025-13593)

nvd.nist.gov (CVE-2025-13593)

Download JSON