CVE-2025-66592

Description

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Affected products

Synology / Synology Active Backup for Business Agent3.1.0-4967

References

MISChttps://www.synology.com/en-global/security/advisory/Synology_SA_25_16