CVE-2025-13392 HIGH

CVE-2025-13392

Vendor Synology
Product DiskStation Manager (DSM)
Weakness CWE-754
Published May 27, 2026
Last update May 27, 2026

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).

Key dates

02Disclosure timeline

May 27, 2026 CVE published
May 27, 2026 Record updated