A critical vulnerability has been discovered in Synology’s BeeStation OS, allowing unauthenticated attackers to execute arbitrary code remotely, tracked as CVE-2025-12686. The vulnerability stems from a buffer overflow condition, making devices susceptible to network-based attacks without requiring user interaction. This issue is classified as critical, with a CVSS3 base score of 9.8, indicating severe impact and high exploitability.
The details reveal that the flaw’s low attack complexity and network accessibility increase its risk significantly. Currently, Synology has released security updates for various affected versions of BeeStation OS, making it imperative for organizations and users to patch their systems immediately. Delaying updates could expose their devices to exploitation by threat actors, especially considering the absence of any workarounds. As part of the collaborative Zero Day Initiative program, researchers have demonstrated the vulnerability to underscore the urgency of applying the recommended updates.
👉 Pročitaj original: Cyber Security News
