Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code

Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code

Posted on By CWS

Synology has launched an pressing safety replace addressing a crucial distant code execution vulnerability in BeeStation OS that permits unauthenticated attackers to execute arbitrary code on affected gadgets.

The vulnerability, tracked as CVE-2025-12686 and recognized by ZDI-CAN-28275, carries a crucial CVSS3 base rating of 9.8, reflecting its extreme affect and exploitability.

The flaw stems from a basic buffer overflow vulnerability (CWE-120) in BeeStation OS, making it uncovered to network-based assaults with out requiring authentication or consumer interplay.

Synology BeeStation 0-Day Vulnerability

The buffer overflow situation in BeeStation OS permits distant attackers to craft malicious inputs that overflow reminiscence buffers, doubtlessly main to finish system compromise.

With a CVSS3 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A: H, the vulnerability demonstrates low assault complexity, community accessibility, and no privilege or consumer interplay necessities.

CVE IDVulnerability NameSeverityCVSS3 Base ScoreCVSS3 VectorCVE-2025-12686Buffer Overflow in BeeStation OSCritical9.8AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This mixture makes the flaw slight exploitable in real-world situations. At present, there isn’t a out there mitigation technique, making rapid patching the one viable protection.

Affected Merchandise and Patches

Synology has launched safety updates for all affected BeeStation OS variations:

ProductUpdate ToBeeStation OS 1.01.3.2-65648+BeeStation OS 1.11.3.2-65648+BeeStation OS 1.21.3.2-65648+BeeStation OS 1.31.3.2-65648+

Organizations and customers with BeeStation gadgets ought to prioritize firmware updates instantly. Nature of this vulnerability, mixed with the absence of workarounds, necessitates pressing motion to forestall potential exploitation by risk actors.

Given the convenience of exploitation and distant accessibility, delaying patches exposes programs to vital threat. Synology researchers demonstrated the potential for exploitation by means of the Zero Day Initiative program. This collaborative disclosure ensures well timed patching whereas defending customers from lively exploitation.

BeeStation customers are to verify their system variations and apply the advisable updates at once to get rid of this distant code execution risk.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

New Smartwatch Wi-Fi Injection, Android Radio and Hacking Tools New Smartwatch Wi-Fi Injection, Android Radio and Hacking Tools Cyber Security News
How to Conduct a Secure Code Review How to Conduct a Secure Code Review Cyber Security News
LangGraph Vulnerability Allows Malicious Python Code Execution During Deserialization LangGraph Vulnerability Allows Malicious Python Code Execution During Deserialization Cyber Security News
Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands Cyber Security News
Linux Kernel’s KSMBD Subsystem Vulnerability Let Remote Attackers Exhaust Server Resources Linux Kernel’s KSMBD Subsystem Vulnerability Let Remote Attackers Exhaust Server Resources Cyber Security News
Cloudflare Global Outage Breaks Internet Cloudflare Global Outage Breaks Internet Cyber Security News