Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition.
The security issue (CVE-2025-12686) is described as a ‘buffer copy without checking the size of input’ problem, and can be exploited to allow arbitrary code execution.
It impacts multiple versions of BeeStation OS, the software powering Synology’s network-attached storage (NAS) devices marketed as a consumer-oriented “personal cloud.”
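The weakness class named above (a buffer copy without checking the size of the input, CWE-120) is worth seeing in code. The following is an added, generic illustration written for this article, not Synology's code and not the Synacktiv exploit: `copy_unchecked` shows the pattern in which a length taken from untrusted input drives a `memcpy` into a fixed-size stack buffer, while `copy_checked` and `parse_field` show the hardened form, where the destination size is part of the contract and an over-long or inconsistent length is rejected before any byte is written. `FIELD_SIZE`, the length-prefixed record layout and the sample records are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size destination buffer; the size is constructed for this example. */
#define FIELD_SIZE 16

/* The weakness pattern (CWE-120): the caller-supplied length is trusted and
 * copied straight into a fixed-size buffer. Nothing stops len from exceeding
 * FIELD_SIZE, which is the overflow the weakness class describes. It is only
 * ever called here with an input that fits. */
void copy_unchecked(char dst[FIELD_SIZE], const unsigned char *src, size_t len)
{
    memcpy(dst, src, len);
}

/* Hardened form: the destination size travels with the pointer, the length is
 * validated before the copy, and the result is reported to the caller.
 * Returns 0 on success, -1 if the input would not fit (dst is left untouched). */
int copy_checked(char *dst, size_t dst_size, const unsigned char *src, size_t len)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (len >= dst_size)          /* keep one byte for the terminator */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse a constructed length-prefixed record: one length byte, then payload.
 * Both the declared length and the bytes actually received are checked, so a
 * record that claims more payload than it carries is rejected as well.
 * Returns 0 and fills out on success, -1 on malformed or oversized input. */
int parse_field(const unsigned char *rec, size_t rec_len, char *out, size_t out_size)
{
    if (rec == NULL || rec_len < 1)
        return -1;
    size_t declared = rec[0];
    if (declared > rec_len - 1)   /* declared length exceeds received bytes */
        return -1;
    return copy_checked(out, out_size, rec + 1, declared);
}

/* Constructed sample: a 5-byte payload that fits in FIELD_SIZE. Returns 0. */
int demo_fits(void)
{
    char buf[FIELD_SIZE];
    const unsigned char rec[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    if (parse_field(rec, sizeof rec, buf, sizeof buf) != 0)
        return -1;
    return strcmp(buf, "hello") == 0 ? 0 : -2;
}

/* Constructed sample: a 40-byte payload that would overrun a 16-byte buffer.
 * The checked parser refuses it and returns -1 without writing to buf. */
int demo_oversized(void)
{
    char buf[FIELD_SIZE];
    unsigned char rec[1 + 40];
    rec[0] = 40;
    memset(rec + 1, 'A', 40);
    return parse_field(rec, sizeof rec, buf, sizeof buf);
}

/* Constructed sample: the length byte claims 9 bytes but only 2 follow.
 * Returns -1 because the declared length is inconsistent with the record. */
int demo_truncated(void)
{
    char buf[FIELD_SIZE];
    const unsigned char rec[] = { 9, 'a', 'b' };
    return parse_field(rec, sizeof rec, buf, sizeof buf);
}

int main(void)
{
    char legacy[FIELD_SIZE];
    const unsigned char small[] = { 'o', 'k' };
    copy_unchecked(legacy, small, sizeof small);   /* fits, so safe this once */
    legacy[sizeof small] = '\0';
    printf("unchecked copy of a fitting input: %s\n", legacy);
    printf("fits: %d  oversized: %d  truncated: %d\n",
           demo_fits(), demo_oversized(), demo_truncated());
    return 0;
}
```

The point of the contrast is that the unchecked version cannot tell a well-formed record from a malicious one; the checked version fails closed on both an oversized and an internally inconsistent length, which is the property a patch for this weakness class restores.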
There are no mitigations available, so the vendor recommends that users upgrade to the following versions, which address the flaw:
- BeeStation OS version 1.3.2-65648 or above
Researchers Tek and anyfun at French cybersecurity company Synacktiv exploited the flaw in a demonstration during the Pwn2Own Ireland 2025 contest on October 21st. For their successful exploitation, the two researchers received a $40,000 reward.

A three-day hacking competition organized by Trend Micro and the Zero Day Initiative (ZDI), Pwn2Own gives security researchers the opportunity to hack popular consumer devices using zero-day vulnerabilities.
The most recent event held in Ireland had researchers demonstrating 73 zero-day flaws across a broad range of products and winning more than $1 million.
Last week, another major NAS vendor, QNAP, fixed a total of seven zero-day vulnerabilities in multiple devices from the company, which white-hat hackers had shown at Pwn2Own Ireland this year.
ZDI has a disclosure agreement with companies participating in Pwn2Own and holds off publishing the technical details of the security issues until patches are available and users have had sufficient time to apply the updates.
More details about these flaws will be disclosed in the coming months on ZDI’s bulletin board and, in some cases, on personal blog spaces of the researchers themselves.