Synology has patched a severe remote code execution vulnerability in BeeStation OS that was showcased at Pwn2Own Ireland 2025. The flaw, exploited during the event, can lead to arbitrary code execution and affects multiple versions of Synology’s NAS software.
Key points
- The vulnerability CVE-2025-12686 is a buffer overflow issue allowing arbitrary code execution.
- Researchers exploited this flaw at Pwn2Own Ireland 2025, earning a $40,000 reward.
- There are currently no mitigations, and users are advised to upgrade to version 1.3.2-65648 or later.
- The event showcased 73 zero-day flaws across various products, with over $1 million in prizes awarded.
- Similar vulnerabilities were recently fixed in QNAP devices, highlighting ongoing NAS security concerns.