AI description
CVE-2025-12686 is a critical remote code execution (RCE) vulnerability found in Synology BeeStation devices. It was demonstrated at the Pwn2Own Ireland 2025 hacking competition. The vulnerability stems from an unchecked buffer input, which allows for arbitrary code execution. Successful exploitation of CVE-2025-12686 could allow an attacker to bypass the firewall and access personally identifiable information (PII) and trade secrets. Furthermore, the attacker could use the NAS's trusted internal IP address to move laterally toward the Domain Controller (DC) or virtual desktop infrastructure (VDI). Synology has released a patch to address this vulnerability.
- Description: Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.
- Source: security@synology.com
- NVD status: Analyzed
- Products: beestation_os
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@synology.com: CWE-120
- Hype score: Not currently trending
Critical Synology BeeStation vulnerability CVE-2025-12686 (CVSS 9.8) from Pwn2Own Ireland 2025 enables complete takeover without login. DSM and C2 Identity patches are also available. Admins should update. https://t.co/ZIHUvjlxgw #Synology #ITSecurity https://t.co/4
@schoenfelderED
16 Jun 2026
Synology BeeStation OS has a critical (9.8) buffer overflow in AdminCenter - unauthenticated RCE, no interaction needed. Zero-day demoed at Pwn2Own. Update to 1.3.2-65648+ now. CVE-2025-12686 https://t.co/YCXGMSW2OW https://t.co/AirQmTQ5ti
@SecAlertsCo
28 May 2026
🚨 CVE-2025-12686 — CVSS 9.8/10 ██████████ Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology... Severity: CRITICAL Patch now. #cybersecurity #CVE https://t.co/0KEI8l7aQS
@OrizonCyber
27 May 2026
#VulnerabilityReport #BeeStationOS Critical Synology BeeStation Zero-Day (CVE-2025-12686) Found at Pwn2Own Allows Remote Code Execution https://t.co/8VkmfW38yp
@Komodosec
17 Dec 2025
At #Pwn2Own2025, our experts @Tek_7987 & @_Anyfun remotely compromised a Synology Beestation Plus via a pre-auth exploit, leading to full system takeover. The vuln is now tracked as CVE-2025-12686 🔍 🔗 Full write-up: https://t.co/Nf5qyl6Uhg
@Synacktiv
27 Nov 2025
Running Synology BeeStation? A critical flaw (CVE-2025-12686) could let attackers waltz into your personal cloud. Patch is live—clients covered, but check your setup. Unpatched = unlocked. https://t.co/TnqcGxduzA #CyberSecurity #PatchNow
@lowcountrycyber
12 Nov 2025
Synology BeeStation RCE demonstrated at Pwn2Own (CVE-2025-12686) fixed https://t.co/KoY0kCz8j9 #Security #セキュリティー #ニュース
@SecureShield_
12 Nov 2025
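A serious RCE vulnerability in Synology's BeeStation. The zero-day attack demonstrated at Pwn2Own has been fixed, and users are being urged to update promptly. The CVE-2025-12686 in question is a "copy into a buffer without checking the input size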
@yousukezan
11 Nov 2025
Critical Synology BeeStation 0-Day Flaw (CVE-2025-12686) Fix Guide - CyberDudeBivash https://t.co/G0uA1c91MZ https://t.co/0YGhBLsYNO
@cyberbivash
11 Nov 2025
Critical Synology BeeStation Zero-Day (CVE-2025-12686) Found at Pwn2Own Allows Remote Code Execution https://t.co/8a1kkin17g #InfoSec #CyberSec #CyberSecurity
@AnonOzzyDude
11 Nov 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:synology:beestation_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CB4968D5-623C-4FD5-9930-7B4DEFFA9BC6",
            "versionEndExcluding": "1.3.2",
            "versionStartIncluding": "1.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]