A severe security vulnerability in Synology’s DiskStation Manager (DSM) software has been identified. The vulnerability, tracked as CVE-2025-1021 and detailed in a security advisory, affects multiple versions of the popular network-attached storage (NAS) operating system and was resolved in recent updates. It enables unauthenticated remote attackers to bypass security controls and access sensitive files through a writable NFS service: remote attackers can read arbitrary files through the Network File System (NFS) service without proper authorization. The vulnerability's vector indicates a network-exploitable vulnerability with low attack complexity, requiring no privileges or user interaction, and potentially resulting in high confidentiality impact. The vulnerability is particularly concerning because it allows attackers to read arbitrary files without authentication. Credit for discovering the vulnerability goes to the DEVCORE Research Team, a group known for identifying critical security issues in enterprise software and hardware products. The vulnerability highlights the importance of updating network storage devices, especially those exposed to the internet or accessible on corporate networks.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Apr 2025 14:20:09 +0000