CVE-2025-13593

Vulnerability

An origin validation error vulnerability (CWE-346) exists in Synology ActiveProtect Agent versions before 1.1.0-0439 on Windows. The flaw occurs during the installation process, where the agent fails to properly validate the origin of a request, allowing local users to write arbitrary files with restricted content [1].

Exploitation

An attacker requires local access to the system and must trigger the vulnerable code path during the installation of the ActiveProtect Agent. No authentication is needed, but user interaction (such as running the installer or a malicious file) is required. The attacker can supply crafted data that bypasses origin validation, leading to file write operations [1].

Impact

Successful exploitation allows a local user to write arbitrary files with restricted content to the system. The confidentiality impact is none, integrity impact is low, and the availability impact is high (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H) [1]. The attacker can overwrite or place files, potentially disrupting system operations.

Mitigation

Synology has fixed the vulnerability in ActiveProtect Agent version 1.1.0-0439 and above. Users must upgrade to this version or later. The vendor states no workaround is available [1]. The vulnerability is listed in the advisory Synology_SA_25_15 [1].