VYPR
High severity (8.1) · NVD Advisory · Published May 27, 2026

CVE-2025-13392

Description

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2025-13392 is an authentication bypass vulnerability in Synology DSM SSO, requiring prior knowledge of a DN.

Vulnerability

CVE-2025-13392 is an improper check for unusual or exceptional conditions vulnerability in the SSO component of Synology DiskStation Manager (DSM). It affects DSM versions before 7.2.2-72806-5 and 7.3.1-86003-1; version 7.2.1-69057 is not affected [1]. The flaw allows remote attackers to bypass authentication with prior knowledge of a distinguished name (DN).

Exploitation

Exploitation requires prior knowledge of a valid distinguished name (DN) and network access to the affected DSM system. No authentication or user interaction is needed, though the attack complexity is considered high [1].

Impact

Successful exploitation can lead to authentication bypass, potentially granting an attacker elevated privileges on the DSM system and compromising confidentiality, integrity, and availability. The CVSS v3 base score is 8.1 (High) [1].

Mitigation

Synology has released fixed versions: upgrade DSM 7.2.2 to 7.2.2-72806-5 or above, and DSM 7.3.1 to 7.3.1-86003-1 or above [1]. No workaround is provided in the advisory.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1