CVE-2025-13392
HIGH
Synology DiskStation Manager (DSM) - Improper Check for Unusual or Exceptional Conditions
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).
References (1)
Vendor Advisory: Synology-SA-25:14 DSM (PWN2OWN 2025)
https://www.synology.com/en-global/security/advisory/Synology_SA_25_14
Scores
CVSS v3: 8.1
EPSS: 0.0052
EPSS Percentile: 39.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-754
Status: published
Products (5)
Synology/DiskStation Manager (DSM): < 7.2.1
Synology/DiskStation Manager (DSM): 7.2.1 - 7.2.1.*
Synology/DiskStation Manager (DSM): 7.2.2 - 7.2.2-72806-5
Synology/DiskStation Manager (DSM): 7.3 - 7.3.1-86003-1
synology/diskstation_manager: 7.2.2 - 7.2.2-72806-5
Published: May 27, 2026
Tracked Since: May 27, 2026