CVE-2025-66592 | THREATINT

Description

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.

PUBLISHED Reserved 2025-12-05 | Published 2026-05-27 | Updated 2026-06-02 | Assigner synology

MEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Problem types

Origin Validation Error

Product status

Default status

affected

* (semver) before 3.1.0-4967

affected

Credits

Sheikh Rishad (https://x.com/sheikhrishad0) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_25_16 (Synology-SA-25:16 Synology Active Backup for Business Agent) vendor-advisory

cve.org (CVE-2025-66592)

nvd.nist.gov (CVE-2025-66592)

Download JSON