CVE-2025-54158
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-04
Last updated on: 2026-02-24
Assigner: Synology Inc.
Description
Description
Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synology | beedrive | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing authentication for a critical function in Synology BeeDrive for desktop versions before 1.4.2-13960. It allows local users to execute arbitrary code on the affected system through unspecified methods.
How can this vulnerability impact me? :
An attacker with local access could exploit this vulnerability to run arbitrary code, potentially leading to full compromise of the system, including unauthorized access, data modification, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70