Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-4679

A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.

Published

2025-05-16T09:15:18.257

Last Modified

2025-07-02T12:15:28.437

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	synology	active_backup_for_microsoft_365	-	Yes

References

https://www.synology.com/en-global/security/advisory/Synology_SA_25_06 Vendor Advisory ([email protected])
https://modzero.com/en/blog/when-backups-open-backdoors-synology-active-backup-m365/ (af854a3a-2127-422b-91ae-364da2661108)
https://modzero.com/static/MZ-25-02_modzero_Synology-Active-Backup-M365.pdf (af854a3a-2127-422b-91ae-364da2661108)