Synology closes further security vulnerability from Pwn2Own hacking competition

Unauthorized access to NAS possible: An update closes a vulnerability in Synology DiskStation Manager.

If attackers successfully exploit a vulnerability in Synology's NAS system DiskStation Manager (DSM), they can gain access to network storage. A security patch provides a remedy.

In a warning message, the developers state that remote attackers can bypass authentication if they know the Distinguished Name (DN). How such an attack could proceed is currently unclear. It is also unknown whether any attacks have already occurred.

The developers state that only DSM 7.2.2 and DSM 7.3 are affected by the vulnerability (CVE-2025-13392, rated “high”). DSM 7.2.1 is not vulnerable. DSM versions 7.2.2-72806-5 and 7.3.1-86003-1 are secured.

The software vulnerability that has now been closed was discovered by participants of the Pwn2Own hacking competition. As early as the beginning of November, Synology developers closed a “critical” vulnerability (CVE-2025-12686) in BeeStation found during the hacking competition. If attacks are successful in this case, attackers can push and execute malicious code on systems.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.