Synology BeeDrive for Desktop on Windows Vulnerabilities Let Hackers Run Malicious Code
Synology has issued an urgent security advisory addressing critical vulnerabilities in its BeeDrive desktop application for Windows that could allow attackers to execute malicious code and delete arbitrary files.
The company disclosed three separate Common Vulnerabilities and Exposures (CVE) identifiers on July 22, 2025, all classified with “Important” severity ratings, prompting immediate user action to upgrade to the latest patched version.
Critical Security Flaws Discovered
The vulnerabilities affect BeeDrive for desktop, Synology’s file synchronization and backup tool designed for Windows users.
| CVE ID | Severity | CVSS Score | Attack Vector | Description |
| CVE-2025-54158 | Important | 7.8 | Local | Missing Authentication – Arbitrary Code Execution |
| CVE-2025-54159 | Important | 7.5 | Remote | Missing Authorization – Arbitrary File Deletion |
| CVE-2025-54160 | Important | 7.8 | Local | Path Traversal – Arbitrary Code Execution |
Security researchers Zhao Runzi discovered and reported these flaws, which collectively pose significant risks to system integrity and data security.
The vulnerabilities enable both local and remote attack vectors, making them particularly concerning for enterprise and individual users alike.
- CVE-2025-54158 represents the most severe local privilege escalation flaw, allowing authenticated local users to execute arbitrary code with elevated privileges. This vulnerability stems from missing authentication controls for critical functions and carries a CVSS 3.1 base score of 7.8. The attack vector requires local access with low privileges and no user interaction, potentially enabling attackers to gain complete system control.
- CVE-2025-54159 poses a different but equally serious threat through remote file deletion capabilities. With a CVSS score of 7.5, this vulnerability allows unauthenticated remote attackers to delete arbitrary files without user interaction. The flaw results from missing authorization mechanisms, enabling attackers to potentially destroy critical data or system files remotely.
- CVE-2025-54160 rounds out the trio with another local code execution vulnerability scoring 7.8 on the CVSS scale. This path traversal vulnerability allows local users with limited privileges to execute arbitrary code by exploiting improper pathname limitations within restricted directories.
Synology has released BeeDrive for desktop version 1.4.2-13960 to address all three vulnerabilities. Users must upgrade immediately as no workarounds or mitigations exist for these security flaws.
The company’s security advisory Synology-SA-25:08 provides comprehensive technical details and upgrade instructions.
These vulnerabilities highlight the critical importance of maintaining up-to-date software installations, particularly for applications handling sensitive data synchronization.
Organizations and individual users running BeeDrive for desktop on Windows systems should prioritize this security update to prevent potential exploitation of these serious security flaws.
Get Free Ultimate SOC Requirements Checklist Before you build, buy, or switch your SOC for 2025 - Download Now
Source link
