CVE-2025-13593
Origin Validation Error in Synology ActiveProtect Agent
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Synology Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synology | activeprotect_agent | to 1.1.0-0439 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an origin validation error in the Synology ActiveProtect Agent versions before 1.1.0-0439. It allows local users to write arbitrary files with restricted content during the installation process.
How can this vulnerability impact me? :
The vulnerability can allow a local user to write arbitrary files with restricted content, which may lead to unauthorized modification or disruption of the system. This could potentially impact system integrity and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2025-13593 in Synology ActiveProtect Agent, users should upgrade the software to version 1.1.0-0439 or later.
No other specific mitigation steps have been provided by Synology.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the vulnerability in Synology ActiveProtect Agent affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Synology has not provided any specific detection methods or commands to identify this vulnerability on your network or system.
The recommended action to mitigate this vulnerability is to upgrade the ActiveProtect Agent to version 1.1.0-0439 or later.