Vulnerability in Synology Diskstation_manager
CVE-2025-13392
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prio…
EPSS: 0.001 (29.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Synology Diskstation_manager
- Synology Diskstation Manager (Dsm) — versions 7.3, 7.2.2, 7.2.1
Weakness classification (CWE)
References
- security@synology.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2025-13392?
- CVE-2025-13392 is a high-severity vulnerability in Synology Diskstation_manager, classified under Improper Check for Unusual or Exceptional Conditions. CVSS score: 8.1/10. Published 2026-05-27.
- How severe is CVE-2025-13392?
- High severity. CVSS v3 base score is 8.1 out of 10.