Synology has disclosed multiple vulnerabilities that could allow attackers to compromise data confidentiality, integrity, and security policies. The advisories, issued on 14 and 19 November 2025, expose flaws in DSM versions 7.2.2 before 7.2.2‑72806‑5 and 7.3 before 7.3.1‑86003‑1, as well as Synology Contacts before 1.0.10‑20659 on several DSM releases. The risks include potential data loss, unauthorized data access, tampering, or bypass of security controls. Affected systems comprise DSM 7.2.2, DSM 7.3, and Synology Contacts. These vulnerabilities were discovered during routine security testing and are documented in Synology’s security advisories SA_25_13 and SA_25_14. Users should consult Synology’s security advisories and apply the latest firmware updates. The CVE identifiers provide a reference for tracking and remediation efforts. The vulnerabilities are identified as CVE‑2025‑13167 and CVE‑2025‑13392.
Summary of content from
https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1035/
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.