CVE-2025-66593
Origin Validation Error in Synology Assistant Allows Arbitrary File Write
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Synology Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synology | synology_assistant | 7.0.6-50085 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is an origin validation error in Synology Assistant versions before 7.0.6-50085. It allows local users to write arbitrary files with restricted content during the installation process.
How can this vulnerability impact me? :
The vulnerability can allow a local user to write arbitrary files with restricted content, which may lead to integrity issues or disruption of the system's availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users are advised to upgrade Synology Assistant to version 7.0.6-50085 or later.