CVE-2025-13593

MEDIUM

Synology ActiveProtect Agent < 1.1.0-0439 - Origin Validation Error

Title source: rule
STIX 2.1

Description

Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
Synology-SA-25:15 ActiveProtect Agent
https://www.synology.com/en-global/security/advisory/Synology_SA_25_15

Scores

CVSS v3 6.1
EPSS 0.0009
EPSS Percentile 0.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-346
Status published
Products (2)
Synology/ActiveProtect Agent < 1.1.0-0439
synology/activeprotect_agent < 1.1.0-0439
Published May 27, 2026
Tracked Since May 27, 2026