CVE-2025-66592

MEDIUM

Synology Active Backup For Business Agent < 3.1.0-4967 - Origin Validation Error

Title source: rule
STIX 2.1

Description

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
Synology-SA-25:16 Synology Active Backup for Business Agent
https://www.synology.com/en-global/security/advisory/Synology_SA_25_16

Scores

CVSS v3 6.1
EPSS 0.0009
EPSS Percentile 0.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-346
Status published
Products (2)
synology/active_backup_for_business_agent < 3.1.0-4967
Synology/Synology Active Backup for Business Agent < 3.1.0-4967
Published May 27, 2026
Tracked Since May 27, 2026