Path Traversal via Unmount in Synology AB 2.7.1-13234/23234/3234
CVE-2024-47265 Published on February 13, 2025
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors.
Vulnerability Analysis
CVE-2024-47265 can be exploited with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.
Affected Versions
Synology Active Backup for Business:
- All versions below 2.7.1-3234 are affected.
- All versions below 2.7.1-13234 are affected.
- All versions below 2.7.1-23234 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.