Synology has disclosed a vulnerability in its ActiveProtect Agent that could allow attackers to compromise the integrity of data stored on affected devices. The flaw is present in all versions of ActiveProtect Agent prior to 1.1.0-0439. According to the security advisory, an attacker could exploit this weakness to alter or corrupt data, potentially impacting business operations. The recommended remedy is to apply the patch provided in Synology’s security bulletin (Synology_SA_25_15) released on 25 November 2025. The issue is tracked as CVE‑2025‑13593. Users are urged to review the bulletin and update to a supported version as soon as possible. The advisory also advises monitoring for any unauthorized changes to system files. No service disruptions are reported as a result of the vulnerability.
Summary of content from
https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1041/
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.