6.3
CVE-2025-2848
- EPSS 0.09%
- Veröffentlicht 04.12.2025 15:15:57
- Zuletzt bearbeitet 09.02.2026 21:38:15
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Mail Server Version < 1.7.6-10676
Synology ≫ Mail Server Version < 1.7.6-20676
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.257 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@synology.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.