9.8
CVE-2025-13392
- EPSS 0.53%
- Veröffentlicht 27.05.2026 08:36:06
- Zuletzt bearbeitet 02.06.2026 20:42:40
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Diskstation Manager Version >= 7.2.2 < 7.2.2-72806-5
Synology ≫ Diskstation Manager Version >= 7.3 <= 7.3.1-86003-1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.408 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@synology.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-754 Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
https://www.synology.com/en-global/security/advisory/Synology_SA_25_14