CVE-2025-12686_CVE-2025-12686

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.

AI Analysis

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) and Synology BeeStation OS allows remote attackers to execute arbitrary code via unspecified vectors.

Basic Information

ID CVE-2025-12686

Source synology

Published May 27, 2026 at 08:37

Affected Product

Vendor Synology

Product BeeStation Manager (BSM)

Version 1.2

Affected Versions Synology BeeStation Manager (BSM) 1.2
Synology BeeStation Manager (BSM) 1.1
Synology BeeStation Manager (BSM) 1.0
Synology BeeStation OS 1.3

CWE Classification

CWE-120

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Synology

Product BeeStation Manager (BSM) and BeeStation OS

Version 1.0, 1.1, 1.2, 1.3

References

www.synology.com /en-global/security/advisory/Synology_SA_25_12

{
    "lastseen": "",
    "description": "Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.",
    "published": "2026-05-27T08:37:03.455Z",
    "modified": "2026-05-27T08:37:03.455Z",
    "type": "cve",
    "title": "CVE-2025-12686",
    "source": "synology",
    "references": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_12",
    "id": "CVE-2025-12686",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120"
    ],
    "cvelist": null,
    "sourceData": "Synology BeeStation Manager (BSM) 1.2\nSynology BeeStation Manager (BSM) 1.1\nSynology BeeStation Manager (BSM) 1.0\nSynology BeeStation OS 1.3",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BeeStation Manager (BSM)",
    "version": "1.2",
    "vendor": "Synology",
    "ai_description": "Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) and Synology BeeStation OS allows remote attackers to execute arbitrary code via unspecified vectors.",
    "ai_severity": "Critical",
    "ai_vendor": "Synology",
    "ai_product": "BeeStation Manager (BSM) and BeeStation OS",
    "ai_version": "1.0, 1.1, 1.2, 1.3",
    "ai_score": 9.8
}