Analysis of a serious vulnerability in the Synology DSM NFS service (CVE-2025-1021)
A serious security vulnerability (CVE-2025-1021) has been found in Synology DSM that allows unauthenticated remote attackers to read arbitrary files through the NFS service. The flaw affects multiple DSM versions, is rated "Important", and carries a CVSS3 base score of 7.5. Users are advised to update to the latest version immediately and to review their NFS configuration to prevent data leakage. 2025-4-23 14:19:47 Author: cybersecuritynews.com

Synology Network File System Vulnerability

A severe security vulnerability in Synology’s DiskStation Manager (DSM) software has been identified. This vulnerability allows remote attackers to read arbitrary files through the Network File System (NFS) service without proper authorization. 

The vulnerability, tracked as CVE-2025-1021 and detailed in a security advisory, was resolved in recent updates and affects multiple versions of the popular network-attached storage (NAS) operating system.

Synology NFS Vulnerability – CVE-2025-1021

The security flaw, rated as “Important” with a CVSS3 Base Score of 7.5, stems from a missing authorization check in the “synocopy” component of Synology’s DSM. 


This vulnerability enables unauthenticated remote attackers to read arbitrary files on the device through a writable NFS export. The stated precondition is network access to an NFS share that is exported with write access; Synology does not describe read-only exports as a trigger, so the exposure is bounded by which hosts can reach a writable export.

According to the technical details released by Synology on February 26, 2025, and updated on April 23, 2025, the vulnerability is characterized by the CVSS3 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. 

This vector describes a flaw exploitable over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) and no user interaction (UI:N), with an unchanged scope (S:U), a high confidentiality impact (C:H) and no integrity or availability impact (I:N/A:N); those metrics produce the 7.5 base score.

Because no authentication is required, any host that can mount a writable export on an unpatched device can read files it should not be able to reach. Organizations using Synology NAS devices should update immediately to prevent unauthorized access to sensitive data.

Credit for discovering the vulnerability goes to the DEVCORE Research Team (https://devco.re/), a group known for identifying critical security issues in enterprise software and hardware products.

Risk Factors            Details
Affected Products       DSM < 7.1.1-42962-8, DSM < 7.2.1-69057-7, DSM < 7.2.2-72806-3
Impact                  Allows remote attackers to read arbitrary files, potentially compromising sensitive data
Exploit Prerequisites   No authentication or user interaction required; attacker must have network access to a writable NFS service
CVSS 3.1 Score          7.5 (Important)

Affected Products and Remediation

The vulnerability affects multiple versions of Synology’s DSM operating system:

  • DSM 7.2.2: Users should upgrade to version 7.2.2-72806-3 or later.
  • DSM 7.2.1: Users should upgrade to version 7.2.1-69057-7 or later.
  • DSM 7.1: Users should upgrade to version 7.1.1-42962-8 or later.

Synology has confirmed there are no mitigations available other than applying the updates, making it crucial for users to patch affected systems promptly.

Recommendations for Users

Synology users should take the following steps immediately:

  • Check the DSM version running on all Synology devices and compare it with the fixed builds above (7.1.1-42962-8, 7.2.1-69057-7, 7.2.2-72806-3).
  • Apply the appropriate update for the DSM line the device is on.
  • Review NFS share configurations and permissions: which folders are exported, to which client addresses, and whether write access is granted, since network access to a writable NFS export is the advisory’s stated prerequisite.
  • Review system logs for unexpected NFS client connections or file access that might indicate earlier exploitation.
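
The following POSIX sh script is an added example (my own code, not the article’s and not Synology’s tooling) that ties the first three steps together: it reads the DSM build from the host and compares it with the fixed builds listed in the advisory, then lists every NFS export whose option list grants write access, which is the advisory’s precondition. The file paths /etc.defaults/VERSION and /etc/exports, and the key names productversion, buildnumber and smallfixnumber, are assumptions about DSM’s on-disk layout rather than facts from the advisory; the sample files in the usage section are constructed.

```shell
#!/bin/sh
# Added example for this article (not Synology's tooling or the article's own code):
# audit a DSM host for CVE-2025-1021 by checking the installed build against the
# fixed builds in the advisory and listing NFS exports that grant write access.
# Assumptions (mine, not from the advisory): DSM records its version in
# /etc.defaults/VERSION as key="value" lines (productversion, buildnumber,
# smallfixnumber), and the active NFS exports are in /etc/exports in the
# standard exports(5) layout. Run on the NAS over SSH; /etc/exports needs sudo.

# Fixed builds from the advisory, keyed by product version: "buildnumber smallfixnumber".
fixed_build() {
    case "$1" in
        7.1.1) echo "42962 8" ;;
        7.2.1) echo "69057 7" ;;
        7.2.2) echo "72806 3" ;;
        *)     echo "" ;;
    esac
}

# version_status FILE -> "patched", "vulnerable", or "unknown" when the product
# version is not one of the three lines the advisory gives a fixed build for.
version_status() {
    file=$1
    pv=$(sed -n 's/^productversion="\(.*\)"/\1/p' "$file")
    bn=$(sed -n 's/^buildnumber="\(.*\)"/\1/p' "$file")
    sf=$(sed -n 's/^smallfixnumber="\(.*\)"/\1/p' "$file")
    set -- $(fixed_build "$pv")          # $1 = fixed build, $2 = fixed Update number
    [ -n "${1:-}" ] || { echo "unknown"; return 0; }
    # A base release with no Update applied may carry no smallfixnumber: treat as Update 0.
    if [ "${bn:-0}" -gt "$1" ] || { [ "${bn:-0}" -eq "$1" ] && [ "${sf:-0}" -ge "$2" ]; }; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# writable_exports FILE -> one "path client" line for each export client whose
# comma-separated option list contains rw. Clients with no options (default ro)
# and commented lines are skipped.
writable_exports() {
    grep -v '^[[:space:]]*#' "$1" | while read -r path clients; do
        [ -n "$path" ] || continue
        for c in $clients; do
            opts=${c#*\(}; opts=${opts%\)}   # 192.168.1.0/24(rw,async) -> rw,async
            case ",$opts," in
                *,rw,*) echo "$path ${c%%\(*}" ;;
            esac
        done
    done
}

# When run on a DSM box, audit the local host; elsewhere the checks are skipped.
if [ -r /etc.defaults/VERSION ]; then
    printf 'DSM build status for CVE-2025-1021: %s\n' "$(version_status /etc.defaults/VERSION)"
fi
if [ -r /etc/exports ]; then
    printf 'Writable NFS exports (path client):\n'
    writable_exports /etc/exports
fi
```

A result of "unknown" means the device runs a DSM line the advisory does not list a fixed build for; the only supported course is to move it to one of the fixed builds, since Synology names no mitigation other than updating. Any export printed by writable_exports should be narrowed to the client addresses that actually need write access, but that is a hygiene measure, not a substitute for the patch.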

The vulnerability highlights the importance of updating network storage devices, especially those exposed to the internet or accessible on corporate networks. 

Users are strongly advised to prioritize these updates to protect their data from potential breaches.



Source: https://cybersecuritynews.com/synology-network-file-system-vulnerability/