Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code

Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code

Posted on By CWS

Synology has launched an pressing safety replace addressing a crucial distant code execution vulnerability in BeeStation OS that permits unauthenticated attackers to execute arbitrary code on affected gadgets.

The vulnerability, tracked as CVE-2025-12686 and recognized by ZDI-CAN-28275, carries a crucial CVSS3 base rating of 9.8, reflecting its extreme affect and exploitability.

The flaw stems from a basic buffer overflow vulnerability (CWE-120) in BeeStation OS, making it uncovered to network-based assaults with out requiring authentication or consumer interplay.

Synology BeeStation 0-Day Vulnerability

The buffer overflow situation in BeeStation OS permits distant attackers to craft malicious inputs that overflow reminiscence buffers, doubtlessly main to finish system compromise.

With a CVSS3 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A: H, the vulnerability demonstrates low assault complexity, community accessibility, and no privilege or consumer interplay necessities.

CVE IDVulnerability NameSeverityCVSS3 Base ScoreCVSS3 VectorCVE-2025-12686Buffer Overflow in BeeStation OSCritical9.8AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This mixture makes the flaw slight exploitable in real-world situations. At present, there isn’t a out there mitigation technique, making rapid patching the one viable protection.

Affected Merchandise and Patches

Synology has launched safety updates for all affected BeeStation OS variations:

ProductUpdate ToBeeStation OS 1.01.3.2-65648+BeeStation OS 1.11.3.2-65648+BeeStation OS 1.21.3.2-65648+BeeStation OS 1.31.3.2-65648+

Organizations and customers with BeeStation gadgets ought to prioritize firmware updates instantly. Nature of this vulnerability, mixed with the absence of workarounds, necessitates pressing motion to forestall potential exploitation by risk actors.

Given the convenience of exploitation and distant accessibility, delaying patches exposes programs to vital threat. Synology researchers demonstrated the potential for exploitation by means of the Zero Day Initiative program. This collaborative disclosure ensures well timed patching whereas defending customers from lively exploitation.

BeeStation customers are to verify their system variations and apply the advisable updates at once to get rid of this distant code execution risk.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

6000+ Vulnerable SmarterTools SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability 6000+ Vulnerable SmarterTools SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability Cyber Security News
HardBit 4.0 Ransomware Actors Attack Open RDP and SMB Services to Persist Access HardBit 4.0 Ransomware Actors Attack Open RDP and SMB Services to Persist Access Cyber Security News
CISA Warns of Federal Agencies Not Fully Patching Actively Exploited Cisco ASA or Firepower Devices CISA Warns of Federal Agencies Not Fully Patching Actively Exploited Cisco ASA or Firepower Devices Cyber Security News
10 Malicious npm Packages with Auto-Run Feature on Install Deploys Multi-Stage Credential Harvester 10 Malicious npm Packages with Auto-Run Feature on Install Deploys Multi-Stage Credential Harvester Cyber Security News
Windows 11 to Hide BSOD Crash Errors on Public Displays Windows 11 to Hide BSOD Crash Errors on Public Displays Cyber Security News
Lenovo AI Chatbot Vulnerability Let Attackers Run Remote Scripts on Corporate Machines Lenovo AI Chatbot Vulnerability Let Attackers Run Remote Scripts on Corporate Machines Cyber Security News