CVE-2025-13392

Summary

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).

Affected Software

VendorProductVersion RangeStatus
SynologyDiskStation Manager (DSM)7.3 < 7.3.1-86003-1affected
SynologyDiskStation Manager (DSM)7.2.2 < 7.2.2-72806-5affected
SynologyDiskStation Manager (DSM)7.2.1 < 7.2.1.*unaffected
SynologyDiskStation Manager (DSM)0 < 7.2.1unknown

Weaknesses

  • CWE-754: Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References