CVE-2025-1021 – Synology DiskStation Manager (DSM) File Disclosure

April 23, 2025

CVE ID : CVE-2025-1021

Published : April 23, 2025, 3:15 a.m. | 3 hours, 40 minutes ago

Description : Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46216 – Apache HTTP Server HTTP Request Smuggling

Next Article CVE-2021-4455 – “WordPress Smart Product Review Plugin File Upload Vulnerability”

Highlights

CVE-2025-34112 – Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution

July 15, 2025

CVE ID : CVE-2025-34112

Published : July 15, 2025, 1:15 p.m. | 3 hours, 19 minutes ago

Description : An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the ‘/api/common/1.0/login’ endpoint can be exploited to create a new user account in the appliance database. This user can then trigger a command injection vulnerability in the ‘/index.php?page=licenses’ endpoint to execute arbitrary commands. The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the ‘mazu’ user to execute arbitrary commands as root via SSH key extraction and command chaining. Successful exploitation allows full remote root access to the virtual appliance.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

CVE-2025-1021 – Synology DiskStation Manager (DSM) File Disclosure

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

CVE-2025-49195 – Apache FTP Unrestricted Authentication

Best Free and Open Source Software: May 2025 Updates

CVE-2025-0921 – Mitsubishi Electric GENESIS64/MC Works64 Symbolic Link Privilege Escalation Vulnerability

CVE-2025-46192 – SourceCodester Client Database Management System SQL Injection

CVE-2025-34112 – Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution

What if Superman was AI?

Pinta 3.0 Released With New Effects and GTK4 Port

Kids behaving badly online? Here’s what parents can do

CVE-2025-1021 – Synology DiskStation Manager (DSM) File Disclosure

Related Posts