6.5
CVE-2025-4679
- EPSS 1.04%
- Veröffentlicht 16.05.2025 08:36:37
- Zuletzt bearbeitet 02.07.2025 12:15:28
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Active Backup For Microsoft 365 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.04% | 0.598 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security@synology.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
https://www.synology.com/en-global/security/advisory/Synology_SA_25_06
https://modzero.com/en/blog/when-backups-open-backdoors-synology-active-backup-m365/
https://modzero.com/static/MZ-25-02_modzero_Synology-Active-Backup-M365.pdf