Vulnerability Details CVE-2025-13392
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.9%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2025-13392
-
cpe:2.3:o:synology:diskstation_manager:7.2.2
-
cpe:2.3:o:synology:diskstation_manager:7.2.2-72803
-
cpe:2.3:o:synology:diskstation_manager:7.2.2-72806
-
cpe:2.3:o:synology:diskstation_manager:7.2.2-72806-1
-
cpe:2.3:o:synology:diskstation_manager:7.2.2-72806-2
-
cpe:2.3:o:synology:diskstation_manager:7.2.2-72806-3
-
cpe:2.3:o:synology:diskstation_manager:7.2.2-72806-4
-
cpe:2.3:o:synology:diskstation_manager:7.3
-
cpe:2.3:o:synology:diskstation_manager:7.3-81180
-
cpe:2.3:o:synology:diskstation_manager:7.3.1-86003
-
cpe:2.3:o:synology:diskstation_manager:7.3.1-86003-1