CVE-2025-12686

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.synology.com/en-global/security/advisory/Synology_SA_25_12	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:synology:beestation_os:*:*:*:*:*:*:*:*

History

02 Jun 2026, 20:43

Type	Values Removed	Values Added
References	~~() https://www.synology.com/en-global/security/advisory/Synology_SA_25_12 -~~	() https://www.synology.com/en-global/security/advisory/Synology_SA_25_12 - Vendor Advisory
CPE		cpe:2.3:o:synology:beestation_os::::::::
First Time		Synology Synology beestation Os

27 May 2026, 17:16

Type	Values Removed	Values Added
Summary	(en) Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.	(en) Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.

27 May 2026, 09:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-27 09:16

Updated : 2026-06-02 20:43

NVD link : CVE-2025-12686

Mitre link : CVE-2025-12686

CVE.ORG link : CVE-2025-12686

JSON object : View

Products Affected

synology

beestation_os

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

9.8 /10