CVE-2025-1021

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-8 Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-7 Synology DiskStation Manager (DSM) versions prior to 7.2.2-72806-3

Description A missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) allows remote attackers to read arbitrary files via unspecified vectors. This issue enables unauthorized access to files, posing a significant risk to data security.

Recommendations For versions prior to 7.1.1-42962-8, update to version 7.1.1-42962-8 or later. For versions prior to 7.2.1-69057-7, update to version 7.2.1-69057-7 or later. For versions prior to 7.2.2-72806-3, update to version 7.2.2-72806-3 or later.