Summary: A newly identified vulnerability in the Synology Mail Server, tracked as CVE-2025-2848, allows authenticated attackers to modify system settings, potentially affecting mail service stability. With a CVSS score of 6.3, this vulnerability may not be critical but poses risks in multi-user environments where access is shared. Synology advises immediate upgrades to mitigate this risk and enhance security measures.
Affected: Synology Mail Server (running on DSM versions 7.2 and 7.1)
Key points:
- Vulnerability allows remote authenticated users to change non-sensitive settings and disable non-critical functions.
- Impact includes potential targeted denial-of-service scenarios and lateral movement within compromised networks.
- Users are urged to upgrade to fixed DSM versions and implement multi-factor authentication (MFA) to enhance security.