Home

Description

An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.

PUBLISHED Reserved 2025-12-15 | Published 2026-05-27 | Updated 2026-05-27 | Assigner synology




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Exposed Dangerous Method or Function

Product status

Default status
affected

* (semver) before 1.76.0-0307
affected

Credits

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_25_18 (Synology-SA-25:18 C2 Identity Edge Server (PWN2OWN 2025)) vendor-advisory

cve.org (CVE-2025-14713)

nvd.nist.gov (CVE-2025-14713)

Download JSON