Home

Description

An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.

PUBLISHED Reserved 2025-12-05 | Published 2026-05-27 | Updated 2026-06-02 | Assigner synology




MEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Problem types

Origin Validation Error

Product status

Default status
affected

* (semver) before 7.0.6-50085
affected

Credits

Sheikh Rishad (https://x.com/sheikhrishad0) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_25_17 (Synology-SA-25:17 Synology Assistant) vendor-advisory

cve.org (CVE-2025-66593)

nvd.nist.gov (CVE-2025-66593)

Download JSON