Synology Mail Server recently disclosed a moderate-severity vulnerability tracked as CVE-2025-2848, affecting DSM 7.1 and 7.2 versions. The flaw allowed remote authenticated attackers to adjust non-sensitive settings and disable some non-critical features. While there were no reports of data compromise or critical system disruption, the potential to manipulate system configurations did exist. Synology promptly released security patches to address the vulnerability, urging users to update their servers to protect their systems from potential exploitation. The oversight in access control underscores the importance of ongoing vigilance and immediate response to identified security issues within network-connected storage solutions.
Source: https://cybersecuritynews.com/synology-mail-server-remote-attackers/
"id": "syn320032725",
"linkid": "synology",
"type": "Vulnerability",
"date": "3/2025",
"severity": "60",
"impact": "1",
"explanation": "Attack without any consequences"