Synology DSM WebAPI CVE-2024-5401: Improper Code Resource Control pre-7.1.1-42962-8, pre-7.2.1-69057
CVE-2024-5401 Published on December 4, 2025
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.
Vulnerability Analysis
CVE-2024-5401 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Improper Control of Dynamically-Managed Code Resources
The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. Many languages offer powerful features that allow the programmer to dynamically create or modify existing code, or resources used by code such as variables and objects. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can directly influence these code resources in unexpected ways.
Products Associated with CVE-2024-5401
Want to know whenever a new CVE is published for Synology Diskstation Manager? stack.watch will email you.
Affected Versions
Synology DiskStation Manager (DSM):- Version 7.2.2 and below 7.2.2-72806 is affected.
- Version 7.2.1 and below 7.2.1-69057-2 is affected.
- Before 7.2.1 is unknown.
- Version 3.1 and below 3.1.4-23079 is affected.
- Before 3.1 is unknown.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.