Synology-SA-25:06 Active Backup for Microsoft 365

Publish Time: 2025-05-16 15:06:06 UTC+8

Last Updated: 2025-05-17 18:05:39 UTC+8

Abstract

The vulnerability documented by this CVE requires no customer action to resolve.

Affected Products

Product	Severity	Fixed Release Availability

Mitigation

None

Detail

CVE-2025-4679
- Severity: Moderate
- CVSS3 Base Score: 6.5
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.

Acknowledgement

Leonid Hartmann of modzero

Reference

CVE-2025-4679

Revision

Revision	Date	Description
1	2025-05-14	Initial public release.
2	2025-05-16	Disclosed vulnerability details.
3	2025-05-17	Disclosed vulnerability details.