PT-2025-46327 · Synology · Synology BeeStation

Published 2025-11-10 · Updated 2025-12-17 · CVE-2025-12686

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Synology BeeStation OS versions prior to 1.3.2-65648

Description

Synology BeeStation OS contains a stack-based buffer overflow that allows remote code execution. The flaw resides in the auth info component and can be exploited to execute arbitrary code. The vulnerability was demonstrated at Pwn2Own Ireland 2025 and awarded a $40,000 reward. Exploitation of this issue enables attackers to gain full system takeover. The vulnerability is identified as CVE-2025-12686 and has a CVSS score of 9.8. The root cause is a buffer copy operation without proper size checking of the input.

Recommendations

Update BeeStation OS to version 1.3.2-65648 or above.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-15405
CVE-2025-12686
ZDI-25-1039

Affected Products

Synology BeeStation