CVE-2025-2848

MEDIUM EPSS 30.0%

Published Dec 4, 20256mo ago · Modified Jun 17, 20261w ago

6.3 CVSS 3.1

Medium

Published Dec 4, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.

CVSS Details

Base Score

6.3

Exploitability

2.8

Impact

3.4

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability Low

Threat Intelligence

EPSS Exploit Probability

30.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

Affected Products 4

Vendor	Product	Version	Range
synology	mail_server	*	<1.7.6-10676
synology	diskstation_manager	7.1	any
synology	mail_server	*	<1.7.6-20676
synology	diskstation_manager	7.2	any

References 1

synology.com https://www.synology.com/en-global/security/advisory/Synology_SA_25_05

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.