Local File Write in Synology ActiveProtect Agent < v1.1.0-0439: CVE-2025-13593 May 2026

Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.

Vulnerability Analysis

CVE-2025-13593 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and a high impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

HIGH

Weakness Type

Origin Validation Error

The software does not properly verify that the source of data or communication is valid.

Affected Versions

Exploit Probability

EPSS

0.00%

Percentile

0.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Local File Write in Synology ActiveProtect Agent < v1.1.0-0439CVE-2025-13593 Published on May 27, 2026

Vulnerability Analysis

Weakness Type

Origin Validation Error

Affected Versions

Exploit Probability

Local File Write in Synology ActiveProtect Agent < v1.1.0-0439
CVE-2025-13593 Published on May 27, 2026