A security flaw tracked as CVE-2025-2848 affects multiple versions of the popular mail server software and has prompted Synology to release security patches for affected systems. The flaw specifically enables remote authenticated attackers to manipulate system configurations without requiring user interaction. Security researcher Chanin Kim discovered and reported the vulnerability to Synology as part of their responsible disclosure program.

While full technical details remain reserved until widespread patching has occurred, this type of vulnerability typically involves improper access control mechanisms that fail to properly restrict authenticated users from accessing or modifying configuration settings beyond their intended privileges.

This security issue emerges amid ongoing cybersecurity concerns for network-attached storage (NAS) devices and related services. Last year, Taiwanese security firm QI-ANXIN Group’s Codesafe Team identified multiple vulnerabilities in Synology products, demonstrating the ongoing attention these systems receive from security researchers. In 2024, Synology addressed 13 security vulnerabilities across its product line. Earlier this year, Synology also patched multiple vulnerabilities in its SRM (Synology Router Manager) software that allowed authenticated users to read or write non-sensitive files.

As with all security updates, administrators should test the patched versions in non-production environments before deploying them to critical systems.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Mar 2025 11:45:21 +0000