CVE-2025-13392
Analyzed Analyzed - Analysis Complete

Authentication Bypass in Synology DSM SSO

Vulnerability report for CVE-2025-13392, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: Synology Inc.

Description

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-27
Last Modified
2026-06-02
Generated
2026-07-06
AI Q&A
2026-05-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
synology diskstation_manager From 7.2.2 (inc) to 7.2.2-72806-5 (exc)
synology diskstation_manager From 7.3 (inc) to 7.3.1-86003-1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Single Sign-On (SSO) mechanism of Synology DiskStation Manager (DSM) versions before 7.2.2-72806-5 and 7.3.1-86003-1. It is caused by an improper check for unusual or exceptional conditions, which allows remote attackers to bypass authentication if they have prior knowledge of the distinguished name (DN). This means an attacker can gain unauthorized access without proper credentials by exploiting this flaw.

Impact Analysis

The impact of this vulnerability is significant because it allows remote attackers to bypass authentication controls, potentially gaining full access to the affected Synology DiskStation Manager system. This can lead to unauthorized access to sensitive data, full control over the system, and the ability to perform actions with high privileges, affecting confidentiality, integrity, and availability.

Detection Guidance

There are no specific detection methods or commands provided in the available information to identify this vulnerability on your network or system.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade Synology DiskStation Manager (DSM) to version 7.3.1-86003-1 or later if you are using DSM 7.3, or to version 7.2.2-72806-5 or later if you are using DSM 7.2.2.

No other mitigation steps beyond applying these updates have been provided.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13392. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart