Home

Description

A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.

PUBLISHED Reserved 2025-05-14 | Published 2025-05-16 | Updated 2025-07-02 | Assigner synology




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Insufficiently Protected Credentials

Product status

Any version
affected

Credits

Leonid Hartmann of modzero finder

References

modzero.com/...s-open-backdoors-synology-active-backup-m365/

modzero.com/...25-02_modzero_Synology-Active-Backup-M365.pdf

www.synology.com/...obal/security/advisory/Synology_SA_25_06 (Synology-SA-25:06 Active Backup for Microsoft 365) vendor-advisory

cve.org (CVE-2025-4679)

nvd.nist.gov (CVE-2025-4679)

Download JSON