CVE-2025-66592 PUBLISHED

Assigner: synology
Reserved: 05.12.2025 Published: 27.05.2026 Updated: 27.05.2026

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content during installation.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
CVSS Score: 6.1

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Synology
Product	Synology Active Backup for Business Agent
Versions	Default: affected affected from * to 3.1.0-4967 (excl.)

Credits

Sheikh Rishad (https://x.com/sheikhrishad0) finder

References

Synology-SA-25:16 Synology Active Backup for Business Agent

Problem Types

Origin Validation Error CWE