6.1
CVE-2025-66592
- EPSS 0.09%
- Veröffentlicht 27.05.2026 08:43:05
- Zuletzt bearbeitet 02.06.2026 16:08:58
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Active Backup For Business Agent Version < 3.1.0-4967
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.004 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.6 | 1.3 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
|
| security@synology.com | 6.1 | 1.8 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
|
CWE-346 Origin Validation Error
The product does not properly verify that the source of data or communication is valid.
https://www.synology.com/en-global/security/advisory/Synology_SA_25_16