CVE-2025-2848
BaseFortify
Publication date: 2025-12-04
Last updated on: 2026-02-09
Assigner: Synology Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synology | mail_server | to 1.7.6-10676 (exc) |
| synology | mail_server | to 1.7.6-20676 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings and disable some non-critical functions.
How can this vulnerability impact me? :
An attacker with remote authenticated access could manipulate non-sensitive settings and disable some non-critical functions of the Synology Mail Server, potentially disrupting service or altering configurations without affecting critical data.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Synology Mail Server to the fixed versions: 1.7.6-10676 for DSM 7.1 and 1.7.6-20676 for DSM 7.2. No other mitigation is provided. [1]