Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN782
_____________________________________________________________________

DATE                : 12/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running BeeStation versions prior to
                                    1.3.2-65648.

=====================================================================
https://www.synology.com/en-global/security/advisory/Synology_SA_25_12
_____________________________________________________________________

Synology-SA-25:12 BeeStation (PWN2OWN 2025)

Publish Time: 2025-11-10 15:20:37 UTC+8

Last Updated: 2025-11-10 15:20:51 UTC+8

Severity
    Critical

Status
    Resolved


Abstract

Synology has released a security update for the BeeStation OS to
address ZDI-CAN-28275 :

            CVE-2025-12686 allows remote attackers to execute
arbitrary code.

Please refer to the 'Affected Products' table for the corresponding
updates.


Affected Products

Product 	Severity 	Fixed Release Availability
BeeStation OS 1.3     Critical    Upgrade to 1.3.2-65648 or above.
BeeStation OS 1.2     Critical    Upgrade to 1.3.2-65648 or above.
BeeStation OS 1.1     Critical    Upgrade to 1.3.2-65648 or above.
BeeStation OS 1.0     Critical    Upgrade to 1.3.2-65648 or above.


Mitigation

None


Detail

    CVE-2025-12686
        Severity: Critical
        CVSS3 Base Score: 9.8
        CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
        CWE-120: Buffer Copy without Checking Size of Input ('Classic
Buffer Overflow')
        ** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when announcing a new
security problem. When the candidate has been publicized, the
details for this candidate will be provided.


Acknowledgement

@Tek_7987 & @_Anyfun (@Synacktiv)


Reference

CVE-2025-12686

Revision

Revision 	Date 	Description
1 	2025-11-10 	Initial public release.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================