CVE-2025-13392
Analyzed Analyzed - Analysis Complete
Authentication Bypass in Synology DSM SSO

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: Synology Inc.

Description
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13392
EUVD
EUVD-2025-209956
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
synology diskstation_manager From 7.2.2 (inc) to 7.2.2-72806-5 (exc)
synology diskstation_manager From 7.3 (inc) to 7.3.1-86003-1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Single Sign-On (SSO) mechanism of Synology DiskStation Manager (DSM) versions before 7.2.2-72806-5 and 7.3.1-86003-1. It is caused by an improper check for unusual or exceptional conditions, which allows remote attackers to bypass authentication if they have prior knowledge of the distinguished name (DN). This means an attacker can gain unauthorized access without proper credentials by exploiting this flaw.

Impact Analysis

The impact of this vulnerability is significant because it allows remote attackers to bypass authentication controls, potentially gaining full access to the affected Synology DiskStation Manager system. This can lead to unauthorized access to sensitive data, full control over the system, and the ability to perform actions with high privileges, affecting confidentiality, integrity, and availability.

Detection Guidance

There are no specific detection methods or commands provided in the available information to identify this vulnerability on your network or system.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade Synology DiskStation Manager (DSM) to version 7.3.1-86003-1 or later if you are using DSM 7.3, or to version 7.2.2-72806-5 or later if you are using DSM 7.2.2.

No other mitigation steps beyond applying these updates have been provided.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13392. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart