Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN326

_____________________________________________________________________

DATE                : 20/05/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Synology Active Backup for Microsoft 365.

=====================================================================
https://www.synology.com/fr-fr/security/advisory/Synology_SA_25_06
_____________________________________________________________________

Synology-SA-25:06 Active Backup for Microsoft 365

Publish Time: 2025-05-16 15:06:06 UTC+8

Last Updated: 2025-05-17 18:05:39 UTC+8

Severity
    Moderate

Status
    Resolved

Abstract

The vulnerability documented by this CVE requires no customer action
to resolve.


Affected Products

Product         Severity         Fixed Release Availability
                

Mitigation

None

Detail

    CVE-2025-4679
        Severity: Moderate
        CVSS3 Base Score: 6.5
        CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
        A vulnerability in Synology Active Backup for Microsoft 365
allows remote authenticated attackers to obtain sensitive
information via unspecified vectors.


Acknowledgement

Leonid Hartmann of modzero


Reference

CVE-2025-4679


Revision

Revision         Date         Description
1         2025-05-14         Initial public release.
2         2025-05-16         Disclosed vulnerability details.
3         2025-05-17         Disclosed vulnerability details.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================