Description

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.

PUBLISHED Reserved 2025-03-27 | Published 2025-12-04 | Updated 2025-12-04 | Assigner synology




MEDIUM: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Problem types

Missing Authorization

Product status

Default status: affected

* (semver) before 1.7.6-10676: affected

* (semver) before 1.7.6-20676: affected

Credits

Chanin Kim of ENKI Whitehat (finder)

References

www.synology.com/...obal/security/advisory/Synology_SA_25_05 (Synology-SA-25:05 Mail Server) vendor-advisory

cve.org (CVE-2025-2848)

nvd.nist.gov (CVE-2025-2848)