CVE-2025-30028

Summary

A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.

Affected Software

VendorProductVersion RangeStatus
SynologyActive Backup for Business* < 2.7.1-3234affected
SynologyActive Backup for Business* < 2.7.1-13234affected
SynologyActive Backup for Business* < 2.7.1-23234affected

Weaknesses

  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References