BeeDrive
by Synology
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-52945 | Hig | 0.51 | 7.8 | 0.00 | May 27, 2026 | Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors. | ||
| CVE-2024-11399 | Med | 0.44 | 6.8 | 0.00 | May 27, 2026 | Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors. | ||
| CVE-2025-8074 | 0.00 | — | 0.00 | Dec 4, 2025 | Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors. | |||
| CVE-2025-54160 | 0.00 | — | 0.00 | Dec 4, 2025 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors. | |||
| CVE-2025-54159 | 0.00 | — | 0.00 | Dec 4, 2025 | Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors. | |||
| CVE-2025-54158 | 0.00 | — | 0.00 | Dec 4, 2025 | Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors. |
- risk 0.51cvss 7.8epss 0.00
Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.
- risk 0.44cvss 6.8epss 0.00
Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors.
- CVE-2025-8074Dec 4, 2025risk 0.00cvss —epss 0.00
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.
- CVE-2025-54160Dec 4, 2025risk 0.00cvss —epss 0.00
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.
- CVE-2025-54159Dec 4, 2025risk 0.00cvss —epss 0.00
Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors.
- CVE-2025-54158Dec 4, 2025risk 0.00cvss —epss 0.00
Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.