Summary: Synology has addressed a serious security vulnerability in its Network File System (NFS) service, identified as CVE-2025-1021. The flaw allowed unauthorized remote access to sensitive files on specific DiskStation Manager (DSM) versions. It arises from a missing authorization check in the synocopy component, which exposes confidential information to unauthenticated attackers. Synology has urged users to promptly update their systems to remediate this critical issue.
Affected: Synology DiskStation Manager (DSM)
Keypoints:
- Vulnerability is rated "Important" with a CVSS score of 7.5 out of 10.
- Affects multiple DSM versions, which require immediate upgrades to fixed versions.
- Exploitation does not require user interaction, posing a significant threat to data security.
- Responsible disclosure was coordinated with DEVCORE Research Team.
- Emphasizes the need for regular updates and monitoring of NAS devices.
Source: https://gbhackers.com/synology-network-file-system-vulnerability/