CVE-2025-12686
CRITICALSynology BeeStation Manager (bsm) - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Title source: ruleDescription
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
Synology-SA-25:12 BeeStation (PWN2OWN 2025)
https://www.synology.com/en-global/security/advisory/Synology_SA_25_12
Scores
CVSS v3
9.8
EPSS
0.0276
EPSS Percentile
84.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-120
Status
published
Products (11)
Synology/BeeStation Manager (BSM)
< 1.0
Synology/BeeStation Manager (BSM)
1.0 - 1.3.2-65648
Synology/BeeStation Manager (BSM)
1.1 - 1.3.2-65648
Synology/BeeStation Manager (BSM)
1.2 - 1.3.2-65648
Synology/BeeStation OS
< 1.0
Synology/BeeStation OS
< 1.3
Synology/BeeStation OS
1.0 - 1.3.2-65648
Synology/BeeStation OS
1.1 - 1.3.2-65648
Synology/BeeStation OS
1.2 - 1.3.2-65648
Synology/BeeStation OS
1.3 - 1.3.2-65648
... and 1 more
Published
May 27, 2026
Tracked Since
May 27, 2026