Seems like there is a more localized page available for your location.
Store

Cart summary ()

Total (undefined items)Incl. VAT undefined%. The shipping will be calculated at checkout.

Continue shopping

Bee Series by Synology
Products A-Z
Store

Synology-SA-25:03 DSM

Publish Time: UTC+8

Last Updated: UTC+8

Severity
Important
Status
Resolved

Abstract

A vulnerability allows attackers to read any file via writable Network File System (NFS) service.

Affected Products

Product Severity Fixed Release Availability
DSM 7.2.2 Important Upgrade to 7.2.2-72806-3 or above.
DSM 7.2.1 Important Upgrade to 7.2.1-69057-7 or above.
DSM 7.1 Important Upgrade to 7.1.1-42962-8 or above.

Mitigation

None

Detail

  • CVE-2025-1021
    • Severity: Important
    • CVSS3 Base Score: 7.5
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    • Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

Acknowledgement

DEVCORE Research Team (https://devco.re/)

Reference

CVE-2025-1021

Revision

Revision Date Description
1 2025-02-26 Initial public release.
2 2025-04-23 Disclosed vulnerability details.