- Description
- Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).
- Source
- security@synology.com
- NVD status
- Analyzed
- Products
- diskstation_manager
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@synology.com
- CWE-754
[ZDI-25-1040|CVE-2025-13392] (Pwn2Own) Synology DiskStation DS925+ samlAuth Authentication Bypass Vulnerability (CVSS 6.3; Credit: Le Trong Phuc (chanze@VRC) and Cao Ngoc Quy (Chino Kafuu)) https://t.co/wtKFAflg8p
@TheZDIBugs
3 Dec 2025
⚠️Vulnerability in Synology products ❗CVE-2025-13392 ➡️More info: https://t.co/0ZJbESujqR https://t.co/wpWLfZS3PK
@CERTpy
27 Nov 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A1D5A65E-BE7D-4F2B-A41D-B16CD8610F45",
            "versionEndExcluding": "7.2.2-72806-5",
            "versionStartIncluding": "7.2.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C47B4CD1-7D41-4E90-A6F4-21E4A3B96E95",
            "versionEndIncluding": "7.3.1-86003-1",
            "versionStartIncluding": "7.3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]