ZDI-26-423: Synology DiskStation DS925+ MailPlus Redis Weak Cryptography for Passwords Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation DS925+ devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-15660.
AI Analysis
Technical Summary
CVE-2025-15660 is a critical remote code execution vulnerability affecting Synology DiskStation DS925+ devices via the MailPlus Redis component. The vulnerability arises from the use of weak cryptography to store passwords in a recoverable format. This weakness allows an unauthenticated, network-adjacent attacker to execute arbitrary code with root privileges. The vulnerability has a CVSS score of 8.8 and was publicly disclosed on July 15, 2026. Synology has released an update to remediate this issue.
Potential Impact
An attacker can remotely execute arbitrary code as root on affected Synology DiskStation DS925+ devices without requiring authentication. This can lead to full system compromise, including confidentiality, integrity, and availability impacts.
Mitigation Recommendations
Synology has issued an official update that corrects this vulnerability. Users of Synology DiskStation DS925+ devices should apply the update promptly to mitigate the risk of exploitation.
ZDI-26-423: Synology DiskStation DS925+ MailPlus Redis Weak Cryptography for Passwords Remote Code Execution Vulnerability
Description
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation DS925+ devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-15660.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-15660 is a critical remote code execution vulnerability affecting Synology DiskStation DS925+ devices via the MailPlus Redis component. The vulnerability arises from the use of weak cryptography to store passwords in a recoverable format. This weakness allows an unauthenticated, network-adjacent attacker to execute arbitrary code with root privileges. The vulnerability has a CVSS score of 8.8 and was publicly disclosed on July 15, 2026. Synology has released an update to remediate this issue.
Potential Impact
An attacker can remotely execute arbitrary code as root on affected Synology DiskStation DS925+ devices without requiring authentication. This can lead to full system compromise, including confidentiality, integrity, and availability impacts.
Mitigation Recommendations
Synology has issued an official update that corrects this vulnerability. Users of Synology DiskStation DS925+ devices should apply the update promptly to mitigate the risk of exploitation.
Technical Details
- Article Source
- {"url":"http://www.zerodayinitiative.com/advisories/ZDI-26-423/","fetched":true,"fetchedAt":"2026-07-16T15:51:08.237Z","wordCount":187}
Threat ID: 6a58fe6768715ace43485c2c
Added to database: 07/16/2026, 15:53:11 UTC
Last enriched: 07/16/2026, 15:56:01 UTC
Last updated: 07/16/2026, 16:59:25 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.