CVE-2025-8074

5.6 MEDIUM

📋 TL;DR

An origin validation error in the Synology BeeDrive desktop client allows local users to write arbitrary files containing non-sensitive information. It affects BeeDrive for desktop versions before 1.4.3-13973 and requires local access to the system; no network exposure is involved.

💻 Affected Systems

Products:
  • Synology BeeDrive for desktop
Versions: before 1.4.3-13973
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the desktop client software, not the BeeDrive hardware device itself. Requires local user access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attackers could write arbitrary files to the system, potentially leading to denial of service, configuration corruption, or staging for further attacks by planting malicious files. Because the advisory limits the impact to files containing non-sensitive information, the concern is integrity and availability rather than data disclosure.

🟠 Likely Case

Local users could modify application files, disrupt BeeDrive functionality, or corrupt user data stored through the application.

🟢 If Mitigated

With proper access controls and least-privilege principles, impact is limited to non-sensitive file writes by already authenticated local users.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system where BeeDrive is installed.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to disrupt BeeDrive functionality or plant files for future attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. The vendor's description gives only "unspecified vectors", so no exploitation details have been publicly disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.3-13973

Vendor Advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_25_09

Restart Required: Yes

Instructions:

1. Open the Synology BeeDrive desktop application.
2. Check for updates in Settings.
3. Download and install version 1.4.3-13973 or later.
4. Restart the application, or the system if prompted.

🔧 Temporary Workarounds

Restrict Local Access (all platforms)

Limit physical and remote desktop access to systems running BeeDrive to trusted users only.

Disable BeeDrive Service (all platforms)

Temporarily disable the BeeDrive desktop application if it is not actively needed for file synchronization.

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can log into systems running vulnerable BeeDrive versions.
  • Monitor file system changes in BeeDrive directories and application logs for suspicious write activities.

🔍 How to Verify

Check if Vulnerable:

Check BeeDrive desktop application version in settings or about dialog. If version is lower than 1.4.3-13973, the system is vulnerable.

Check Version:

Open the BeeDrive desktop client and read the version from its settings or About dialog; the exact location differs by platform.

Verify Fix Applied:

Confirm BeeDrive desktop application version is 1.4.3-13973 or higher after update.
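The version check above, written out as an added example (this is not part of the advisory or of Synology's software): a small Python helper that compares version strings collected from the About dialog or an inventory tool against the fixed version. It parses the major.minor.patch-build scheme into integers because a plain string comparison mis-orders build numbers of different lengths (it ranks 1.4.3-9999 above 1.4.3-13973, which would mark a vulnerable host as patched). The host names and versions in the sample inventory are constructed.

```python
import re
from typing import Dict, List, NamedTuple

# Patch version named in the Synology advisory for CVE-2025-8074.
FIXED_VERSION = "1.4.3-13973"

# Synology desktop clients report versions as major.minor.patch-build.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


class BeeDriveVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int


def parse_version(text: str) -> BeeDriveVersion:
    """Parse '1.4.3-13973' into integer fields so comparisons are numeric."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised BeeDrive version string: {text!r}")
    return BeeDriveVersion(*(int(g) for g in m.groups()))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version sorts before the fixed version.

    Tuple comparison is lexicographic on the integer fields, so
    1.4.3-9999 < 1.4.3-13973 even though a string compare says otherwise.
    """
    return parse_version(version) < parse_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket host -> reported version into vulnerable / patched / unknown."""
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:
            bucket = "unknown"  # not installed, or a string we cannot parse
        result[bucket].append(host)
    return result


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = {
    "ws-01": "1.4.2-13850",
    "ws-02": "1.4.3-13973",
    "ws-03": "1.4.3-9999",
    "ws-04": "1.4.4-14020",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>10}: {', '.join(hosts) or '-'}")
```

Feed it whatever your inventory tool exports as host-to-version pairs; anything that does not parse lands in the "unknown" bucket for manual follow-up rather than being silently treated as patched.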

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file write operations in BeeDrive application logs
  • File modification events in BeeDrive installation directories

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

File modification events in paths containing 'BeeDrive' or 'Synology' from non-administrative users
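The SIEM query above, written out as runnable detection logic as an added example; it is not part of the original page or of any vendor tooling. The events are constructed and use a generic JSON shape (ts, host, user, image, path) that is an assumption rather than a real Sysmon or EDR schema, and the admin/service account list is an assumption too; map the fields to whatever file-write telemetry your endpoints actually emit.

```python
import json
import re
from typing import Dict, Iterator, List, Optional

# Paths of interest from the SIEM query: anything mentioning BeeDrive or Synology.
PATH_RE = re.compile(r"beedrive|synology", re.IGNORECASE)

# Installation directories on Windows and macOS (assumed locations). A standard
# user should not be writing here at all, so these writes get the higher severity.
INSTALL_DIR_RE = re.compile(r"program files|/applications/", re.IGNORECASE)

# Accounts allowed to touch these paths (assumed: a software-deployment service
# account and the local SYSTEM account). Tune to your environment.
ADMIN_ACCOUNTS = {"CORP\\svc-sccm", "NT AUTHORITY\\SYSTEM"}

# Constructed sample events, one JSON object per line as a SIEM export would
# deliver them. Field names and values are an assumption, not a real product schema.
SAMPLE_EVENTS = r"""
{"ts":"2025-08-01T09:12:01Z","host":"ws-01","user":"CORP\\jdoe","image":"C:\\Program Files\\Synology\\BeeDrive\\BeeDrive.exe","path":"C:\\Users\\jdoe\\BeeDrive\\report.docx"}
{"ts":"2025-08-01T09:12:05Z","host":"ws-01","user":"CORP\\svc-sccm","image":"C:\\Windows\\ccmsetup\\ccmexec.exe","path":"C:\\Program Files\\Synology\\BeeDrive\\BeeDrive.exe"}
{"ts":"2025-08-01T09:13:40Z","host":"ws-01","user":"CORP\\jdoe","image":"C:\\Program Files\\Synology\\BeeDrive\\BeeDrive.exe","path":"C:\\Program Files\\Synology\\BeeDrive\\config.json"}
{"ts":"2025-08-01T09:14:02Z","host":"ws-01","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\notepad.exe","path":"C:\\Users\\jdoe\\Documents\\notes.txt"}
{"ts":"2025-08-01T09:15:10Z","host":"mac-02","user":"asmith","image":"/Applications/BeeDrive.app/Contents/MacOS/BeeDrive","path":"/Applications/BeeDrive.app/Contents/Resources/helper.sh"}
{"ts":"2025-08-01T09:16:00Z","host":"ws-01","user":"NT AUTHORITY\\SYSTEM","image":"C:\\Windows\\System32\\svchost.exe","path":"C:\\ProgramData\\Synology\\BeeDrive\\cache.db"}
"""


def parse_events(text: str) -> Iterator[Dict[str, str]]:
    """Yield one event dict per non-blank JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a severity for a file write, or None if it is not of interest."""
    path = event.get("path", "")
    user = event.get("user", "")
    if not PATH_RE.search(path) or user in ADMIN_ACCOUNTS:
        return None
    if INSTALL_DIR_RE.search(path):
        return "high"  # non-admin account writing into the install directory
    return "low"       # write under a BeeDrive/Synology path elsewhere, e.g. the sync folder


def detect(text: str) -> List[Dict[str, str]]:
    """Run the rule over an export and return the alerts it raises, in event order."""
    alerts: List[Dict[str, str]] = []
    for event in parse_events(text):
        severity = classify(event)
        if severity:
            alerts.append({
                "severity": severity,
                "host": event.get("host", "?"),
                "user": event.get("user", "?"),
                "path": event.get("path", "?"),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['host']} {alert['user']} -> {alert['path']}")
```

Two caveats a practitioner will hit: the low-severity tier fires on every normal sync write into the user's own BeeDrive folder, so the query as stated on the page is noisy and only the install-directory hits are worth paging on; and neither Windows nor macOS records file writes by default, so the rule needs object-access auditing or an endpoint agent supplying that telemetry before it can match anything.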
