Synology has patched a critical zero-day vulnerability in its BeeStation OS that enables remote attackers to execute arbitrary code, a flaw demonstrated at the Pwn2Own Ireland 2025 hacking contest.
Tracked as CVE-2025-12686 and identified by ZDI-CAN-28275, this buffer overflow issue poses severe risks to users of the compact NAS device designed for personal cloud storage.
The vulnerability’s disclosure highlights ongoing threats to network-attached storage systems, where unauthenticated exploits can lead to complete system compromise.
The Flaw Exposed At Pwn2Own
Security researchers from Synacktiv, @Tek_7987, and @_Anyfun showcased the exploit live during the Pwn2Own Ireland 2025 event, earning recognition for uncovering this high-impact weakness.
Classified under CWE-120 for classic buffer overflow, the bug stems from inadequate input-size checks in BeeStation OS’s memory handling, allowing crafted network packets to overflow buffers and hijack execution flow.
With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A: H), it requires no privileges or user interaction, making it highly exploitable over the network.
The issue affects all major versions of BeeStation OS from 1.0 to 1.3, potentially exposing sensitive data, such as photos, videos, and backups, stored on the device to remote takeover.
Attackers could leverage this for data theft, ransomware deployment, or pivoting into broader home networks, amplifying risks in environments reliant on simple, always-on storage solutions.
Synology acknowledged the finding in its advisory Synology-SA-25:12, noting that the flaw’s status is reserved under CVE protocols until full details emerge post-patch.
Synology’s Swift Response and Mitigation Steps
Synology released version 1.3.2-65648 or later as the immediate fix, urging all users to upgrade without delay to neutralize the threat.
The update directly addresses the buffer overflow, with no additional mitigations required beyond applying the patch, since the OS lacks built-in workarounds, such as input sanitization, for vulnerable components.
Administrators should verify installation via the BeeStation interface and monitor for any unusual activity, especially if devices are exposed to the internet.
This incident underscores the value of bug bounty programs like Pwn2Own in preempting real-world attacks on consumer hardware.
As details on the exploit technique remain limited due to responsible disclosure, organizations using BeeStation for personal or small-scale data management must prioritize updates to maintain integrity amid evolving threat landscapes.
Synology’s rapid resolution demonstrates proactive security, but the episode serves as a reminder for routine vulnerability scanning in NAS ecosystems.
