CVE-2025-4679

MEDIUM

Synology Active Backup for Microsoft 365 - Info Disclosure

Title source: llm

Description

A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.

Exploits (1)

nomisec WORKING POC

by fevar54 · poc

https://github.com/fevar54/CVE-2025-4679-SecureOAuth-Demo---Enfoque-educativo

View Code ZIP pw:eip

References (3)

[Vendor Advisory] https://www.synology.com/en-global/security/advisory/Synology_SA_25_06

[Various Sources] https://modzero.com/en/blog/when-backups-open-backdoors-synology-active-backup-m365/

[Various Sources] https://modzero.com/static/MZ-25-02_modzero_Synology-Active-Backup-M365.pdf

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 21.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-522

Status published

Products (1)

synology/active_backup_for_microsoft_365

Published May 16, 2025

Tracked Since Feb 18, 2026