CVE-2025-66592
Origin Validation Error in Synology Active Backup for Business Agent
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Synology Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synology | active_backup_for_business_agent | before 3.1.0-4967 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an origin validation error in Synology Active Backup for Business Agent versions before 3.1.0-4967. It allows local users to write arbitrary files with restricted content during the installation process.
How can this vulnerability impact me?
The vulnerability can allow local users to write arbitrary files with restricted content, which may lead to unauthorized changes or damage to the system. It is rated moderate severity, with a CVSS base score of 6.1, which reflects a significant impact, including a potentially high impact on availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users are advised to upgrade the Synology Active Backup for Business Agent to version 3.1.0-4967 or later.