Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code

Posted on By CWS

Synology has launched an pressing safety replace addressing a crucial distant code execution vulnerability in BeeStation OS that permits unauthenticated attackers to execute arbitrary code on affected gadgets.

The vulnerability, tracked as CVE-2025-12686 and recognized by ZDI-CAN-28275, carries a crucial CVSS3 base rating of 9.8, reflecting its extreme affect and exploitability.

The flaw stems from a basic buffer overflow vulnerability (CWE-120) in BeeStation OS, making it uncovered to network-based assaults with out requiring authentication or consumer interplay.

Synology BeeStation 0-Day Vulnerability

The buffer overflow situation in BeeStation OS permits distant attackers to craft malicious inputs that overflow reminiscence buffers, doubtlessly main to finish system compromise.

With a CVSS3 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A: H, the vulnerability demonstrates low assault complexity, community accessibility, and no privilege or consumer interplay necessities.

CVE IDVulnerability NameSeverityCVSS3 Base ScoreCVSS3 VectorCVE-2025-12686Buffer Overflow in BeeStation OSCritical9.8AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This mixture makes the flaw slight exploitable in real-world situations. At present, there isn’t a out there mitigation technique, making rapid patching the one viable protection.

Affected Merchandise and Patches

Synology has launched safety updates for all affected BeeStation OS variations:

ProductUpdate ToBeeStation OS 1.01.3.2-65648+BeeStation OS 1.11.3.2-65648+BeeStation OS 1.21.3.2-65648+BeeStation OS 1.31.3.2-65648+

Organizations and customers with BeeStation gadgets ought to prioritize firmware updates instantly. Nature of this vulnerability, mixed with the absence of workarounds, necessitates pressing motion to forestall potential exploitation by risk actors.

Given the convenience of exploitation and distant accessibility, delaying patches exposes programs to vital threat. Synology researchers demonstrated the potential for exploitation by means of the Zero Day Initiative program. This collaborative disclosure ensures well timed patching whereas defending customers from lively exploitation.

BeeStation customers are to verify their system variations and apply the advisable updates at once to get rid of this distant code execution risk.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

APT41 Hackers Using Google Calendar for Malware Command-and-Control To Attack Government Entities Cyber Security News
Insecure GitHub Actions in Open Source Projects MITRE and Splunk Exposes Critical Vulnerabilities Cyber Security News
Iranian APTs Hackers Actively Attacking Transportation and Manufacturing Sectors Cyber Security News
Researchers Detailed North Korean Threat Actors Technical Strategies to Uncover Illicit Access Cyber Security News
New TruffleNet BEC Campaign Leverages AWS SES Using Stolen Credentials to Compromise 800+ Hosts Cyber Security News
Microsoft Defender Vulnerability Allows Attackers to Elevate Privileges Cyber Security News