CVE-2025-1021

Published: Apr 23, 2025Modified: Nov 17, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: security@synology.com (Secondary)

Description

Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

Affected (3)

Products: Synology: Diskstation Manager

Synology

1 product

Diskstation Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Synology Diskstation Manager	From 7.1 to 7.1.1-42962-8
Synology Diskstation Manager	From 7.2.1-69057 to 7.2.1-69057-7
Synology Diskstation Manager	From 7.2.2 to 7.2.2-72806-3

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (1)

https://www.synology.com/en-global/security/advisory/Synology_SA_25_03

Source: security@synology.com

Vendor Advisory

Timeline

No history available yet.