PT-2025-46327 · Synology · Synology Beestation
Published 2025-11-10 · Updated 2025-12-17 · CVE-2025-12686
CVSS v2.0: 10 (High) | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Synology BeeStation OS versions prior to 1.3.2-65648
Description
The Synology BeeStation OS contains a stack-based buffer overflow that allows remote code execution. The flaw resides in the auth info component and can be exploited to execute arbitrary code. The vulnerability was demonstrated at Pwn2Own Ireland 2025 and awarded a $40,000 reward. Exploitation of this issue enables attackers to gain full system takeover. The vulnerability is identified as CVE-2025-12686 and has a CVSS score of 9.8. The root cause is a buffer copy operation without proper size checking of the input.
Recommendations
Update BeeStation OS to version 1.3.2-65648 or above.
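The root cause named in the description, a copy of attacker-controlled input into a fixed-size stack buffer with no size check, is illustrated below in C. This is an added example, not Synology's code and not derived from the BeeStation auth info component: the buffer size AUTH_FIELD_MAX, the field contents and the function names are all assumptions. The unchecked form shows the CWE-120 pattern; the checked form is the shape of fix a vendor patch for this class of bug typically takes (verify the length first, then use a bounded copy that always terminates the string).

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical fixed-size stack buffer for an authentication field.
   The size is an assumption for illustration only. */
#define AUTH_FIELD_MAX 32

/* Vulnerable pattern (CWE-120): caller-controlled input is copied into a
   fixed-size stack buffer with no bound. Any input longer than
   AUTH_FIELD_MAX-1 bytes overruns the stack frame. Kept here only for
   contrast; it is never called with untrusted input in this file. */
static void parse_auth_field_unchecked(const char *input)
{
    char field[AUTH_FIELD_MAX];
    strcpy(field, input);            /* no bound on the copy */
    (void)field;
}

/* Hardened form: refuse input that does not fit before copying anything,
   and always leave a terminating NUL. Returns 0 on success, -1 when the
   input is missing or too long (the caller treats -1 as a protocol error
   and must not fall back to a truncated value). */
int parse_auth_field_checked(const char *input, char *out, size_t out_len)
{
    if (input == NULL || out == NULL || out_len == 0)
        return -1;

    /* Look for the terminator only within the space we actually have;
       memchr never reads past out_len bytes of the input. */
    const char *end = memchr(input, '\0', out_len);
    if (end == NULL)
        return -1;                   /* no NUL within out_len: would overflow */

    size_t n = (size_t)(end - input);
    memcpy(out, input, n);
    out[n] = '\0';
    return 0;
}

/* Convenience predicate: 1 if the checked parser accepts the input into an
   AUTH_FIELD_MAX-sized buffer, 0 otherwise. */
int auth_field_fits(const char *input)
{
    char buf[AUTH_FIELD_MAX];
    return parse_auth_field_checked(input, buf, sizeof buf) == 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that is far too long. */
    const char *short_input = "user=alice";
    char long_input[128];
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';

    char field[AUTH_FIELD_MAX];
    printf("short input: %s\n",
           parse_auth_field_checked(short_input, field, sizeof field) == 0 ? "accepted" : "rejected");
    printf("long input:  %s\n",
           parse_auth_field_checked(long_input, field, sizeof field) == 0 ? "accepted" : "rejected");

    /* The unchecked version is only exercised with the known-short input. */
    parse_auth_field_unchecked(short_input);
    return 0;
}
```

The important design choice is that the checked parser rejects over-long input rather than silently truncating it: truncation keeps the process alive but can turn an authentication field into a different, shorter value, which is its own bug class. Rejecting also gives the caller a clean point to log the event, which is the signal a defender wants when an overflow attempt is made against a network-facing parser.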
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Synology Beestation