CVE-2025-12686

Critical

Published: 27 May 2026

Published

27 May 2026

Modified

27 May 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0017 38.4th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-12686 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Synology BeeStation OS (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, ranked at the 38.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

NVD Description

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-120

Affected Products

Synology

BeeStation OS

inferred from references and description; NVD did not file a CPE for this CVE

EU & UK References

🇪🇺 ENISA EUVD: EUVD-2025-209957

Regulatory context (EU CRA / NIS2 / DORA / UK NIS Regulations)

EU Cyber Resilience Act — coordinated disclosure

Critical and high-severity vulnerabilities in products with digital elements may trigger coordinated-disclosure obligations under the EU Cyber Resilience Act (CRA, Regulation 2024/2847). Manufacturers placing products on the EU market must notify ENISA and the relevant CSIRTs without undue delay once active exploitation is known.

References

https://www.synology.com/en-global/security/advisory/Synology_SA_25_12
security@synology.com