Threat Advisory

Synology DSM NFS Vulnerability Allows Unauthorized Remote File Access

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High


EXECUTIVE SUMMARY:

A vulnerability in Synology's DiskStation Manager (DSM) software, tracked as CVE-2025-1021, has been identified, posing significant risks to users of affected versions of the popular NAS operating system. The vulnerability, rated with a CVSS score of 7.5, exists in the "synocopy" component, where a lack of proper authorization allows remote, unauthenticated attackers to bypass security controls and access arbitrary files through the Network File System (NFS) service. This flaw, with confidentiality impact, can lead to unauthorized data access without requiring any privileges or user interaction, making it an issue for affected systems. It is advised to upgrade to the latest patches immediately to mitigate the risk of exploitation. Administrators should review their NFS configurations, monitor logs for unusual activity, and apply updates as soon as possible to protect sensitive data from potential breaches.

 

RECOMMENDATION:

We strongly recommend that you update Synology DSM to the versions below:

  • DSM 7.2.2 to version 7.2.2-72806-3 or later.
  • DSM 7.2.1 to version 7.2.1-69057-7 or later.
  • DSM 7.1 to version 7.1.1-42962-8 or later.
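
To check an inventory against the fixed releases listed above, the following added example (not part of the original advisory or of Synology's tooling) classifies DSM version strings per branch. The host names and inventory values are constructed, and accepting the "Update N" display form alongside the advisory's "product-build-update" form is an assumption.

```python
import re

# Fixed releases exactly as listed in the advisory: branch -> (build, update).
FIXED = {
    "7.2.2": (72806, 3),
    "7.2.1": (69057, 7),
    "7.1": (42962, 8),
}

# Accepts "7.2.1-69057-5" and, as an assumption, "DSM 7.2.1-69057 Update 5".
_VERSION_RE = re.compile(
    r"(?P<product>\d+(?:\.\d+)+)-(?P<build>\d+)"
    r"(?:(?:-|\s+Update\s+)(?P<update>\d+))?",
    re.IGNORECASE,
)

def parse(version):
    """Split a DSM version string into (product, build, update)."""
    m = _VERSION_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised DSM version string: {version!r}")
    return m["product"], int(m["build"]), int(m["update"] or 0)

def branch_for(product):
    """Longest advisory branch that prefixes the product version, or None."""
    parts = product.split(".")
    while parts:
        key = ".".join(parts)
        if key in FIXED:
            return key
        parts.pop()
    return None

def classify(version):
    """Return 'patched', 'needs-update', or 'not-listed' (branch not in advisory)."""
    product, build, update = parse(version)
    branch = branch_for(product)
    if branch is None:
        return "not-listed"  # the advisory names no fixed release for this branch
    return "patched" if (build, update) >= FIXED[branch] else "needs-update"

# Constructed sample inventory: host name -> reported DSM version.
INVENTORY = {
    "nas-01": "7.2.2-72806-3",
    "nas-02": "DSM 7.2.1-69057 Update 5",
    "nas-03": "7.1.1-42962-6",
    "nas-04": "7.2-64570-3",
}

def audit(inventory):
    return {host: classify(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

A "not-listed" result means only that the advisory gives no fixed version for that branch, so those hosts need to be checked against the vendor's own guidance.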

 
