Synology-SA-25:07 SMB Service
Publish Time: UTC+8
Last Updated: UTC+8
- Severity
- Moderate
- Status
- Resolved
Abstract
A vulnerability allows remote authenticated users to write to limited files via Server Message Block (SMB) service.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| APM 1.0 | Not affected | N/A |
| BeeStation OS 1.3 | Moderate | Ongoing |
| SRM 1.3 | Moderate | Ongoing |
| SMB Service for DSM 7.2 | Moderate | Upgrade to 4.15.13-2502 or above. |
| SMB Service for DSM 7.1 | Moderate | Upgrade to 4.15.9-0644 or above. |
Mitigation
None
Detail
- CVE-2025-5293
- Severity: Moderate
- CVSS3 Base Score: 4.3
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Acknowledgement
David Oxley
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2025-05-29 | Initial public release. |