Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code

Posted on By CWS

Synology has launched an pressing safety replace addressing a crucial distant code execution vulnerability in BeeStation OS that permits unauthenticated attackers to execute arbitrary code on affected gadgets.

The vulnerability, tracked as CVE-2025-12686 and recognized by ZDI-CAN-28275, carries a crucial CVSS3 base rating of 9.8, reflecting its extreme affect and exploitability.

The flaw stems from a basic buffer overflow vulnerability (CWE-120) in BeeStation OS, making it uncovered to network-based assaults with out requiring authentication or consumer interplay.

Synology BeeStation 0-Day Vulnerability

The buffer overflow situation in BeeStation OS permits distant attackers to craft malicious inputs that overflow reminiscence buffers, doubtlessly main to finish system compromise.

With a CVSS3 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A: H, the vulnerability demonstrates low assault complexity, community accessibility, and no privilege or consumer interplay necessities.

CVE IDVulnerability NameSeverityCVSS3 Base ScoreCVSS3 VectorCVE-2025-12686Buffer Overflow in BeeStation OSCritical9.8AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This mixture makes the flaw slight exploitable in real-world situations. At present, there isn’t a out there mitigation technique, making rapid patching the one viable protection.

Affected Merchandise and Patches

Synology has launched safety updates for all affected BeeStation OS variations:

ProductUpdate ToBeeStation OS 1.01.3.2-65648+BeeStation OS 1.11.3.2-65648+BeeStation OS 1.21.3.2-65648+BeeStation OS 1.31.3.2-65648+

Organizations and customers with BeeStation gadgets ought to prioritize firmware updates instantly. Nature of this vulnerability, mixed with the absence of workarounds, necessitates pressing motion to forestall potential exploitation by risk actors.

Given the convenience of exploitation and distant accessibility, delaying patches exposes programs to vital threat. Synology researchers demonstrated the potential for exploitation by means of the Zero Day Initiative program. This collaborative disclosure ensures well timed patching whereas defending customers from lively exploitation.

BeeStation customers are to verify their system variations and apply the advisable updates at once to get rid of this distant code execution risk.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Hackers Exploiting Java Debug Wire Protocol Servers in Wild to Deploy Cryptomining Payload Cyber Security News
Threat Actors Weaponize PDF Editor With New Torjan to Turn Device Into Proxy Cyber Security News
Apache Tomcat Vulnerabilities Let Attackers Bypass Authentication & Trigger DoS Attacks Cyber Security News
Threat Actors With Stealer Malwares Processing Millions of Credentials a Day Cyber Security News
New Gentlemen’s RaaS Advertised on Hacking Forums Targeting Windows, Linux and ESXi Systems Cyber Security News
Chinese Hackers Weaponized Nezha Tool to Execute Commands on Web Server Cyber Security News