Synology Security Advisory SA-25:05 Concerning Mail Server
Vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.
This is a Press Release edited by StorageNewsletter.com on April 2, 2025 at 2:18 pm
Synology, Inc. has published a security advisory concerning a resolved vulnerability in the Synology Mail Server app for its NAS.
Publish Time: 2025-03-27 15:08:33 UTC+8
Last Updated: 2025-03-27 15:08:33 UTC+8
Severity: Moderate
Status: Resolved
Abstract
A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
Synology Mail Server for DSM 7.2 | Moderate | Upgrade to 1.7.6-20676 or above. |
Synology Mail Server for DSM 7.1 | Moderate | Upgrade to 1.7.6-10676 or above. |
Mitigation: None
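A fleet check against the fixed releases in the table above, as an added example that is not part of Synology's advisory. The host names, the inventory rows and the assumption that releases order by X.Y.Z and then by build number are constructed for illustration; only the two fixed-release versions come from the table.

```python
import re

# Fixed releases from the advisory table, keyed by DSM branch.
FIXED = {"7.2": "1.7.6-20676", "7.1": "1.7.6-10676"}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")

def parse_version(text):
    """Turn 'X.Y.Z-BUILD' into a tuple of ints; raise ValueError otherwise."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised package version: {text!r}")
    return tuple(int(part) for part in match.groups())

def assess(dsm_version, mail_server_version):
    """Return 'fixed', 'vulnerable' or 'unknown' for one host."""
    branch = ".".join(dsm_version.split(".")[:2])  # '7.2.1' -> '7.2'
    fixed = FIXED.get(branch)
    if fixed is None:
        return "unknown"  # the advisory lists no fixed release for this branch
    try:
        installed = parse_version(mail_server_version)
    except ValueError:
        return "unknown"  # version string not in the expected format
    # Assumption: releases order by X.Y.Z first, then by build number.
    return "fixed" if installed >= parse_version(fixed) else "vulnerable"

# Constructed inventory: (host, DSM version, installed Mail Server version).
# Only the two fixed-release versions come from the advisory; the rest are made up.
INVENTORY = [
    ("nas-a", "7.2.1", "1.7.6-20676"),
    ("nas-b", "7.2", "1.7.5-20610"),
    ("nas-c", "7.1.1", "1.7.6-10676"),  # fixed, though its build is below 20676
    ("nas-d", "7.1", "1.7.4-10590"),
    ("nas-e", "6.2.4", "1.7.0-0311"),   # branch not covered by the advisory
    ("nas-f", "7.2", "n/a"),
]

def audit(inventory):
    """Map each host to its status."""
    return {host: assess(dsm, pkg) for host, dsm, pkg in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Selecting the threshold by DSM branch matters because the two fixed builds differ: comparing every host against 1.7.6-20676 would flag a patched DSM 7.1 system as vulnerable.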
Detail
- CVE-2025-2848
- Severity: Moderate
- CVSS3 Base Score: 6.3
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Acknowledgement: Chanin Kim
Revision
Revision | Date | Description |
---|---|---|
1 | 2025-03-27 | Initial public release. |