
Synology has updated its security advisories to disclose a critical security vulnerability affecting several of its popular products, including Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology Unified Controller (DSMUC). The updates, disclosed on March 19, 2025, provide fixes for a critical flaw that could allow remote attackers to execute arbitrary code on vulnerable systems.
The most severe of the reported vulnerabilities is tracked as CVE-2024-10441 and has been assigned a CVSS3 base score of 9.8, indicating its critical severity. According to the advisory, this vulnerability is due to an “improper encoding or escaping of output vulnerability in the system plugin daemon” within the affected products. Successful exploitation of this flaw could enable remote attackers to execute arbitrary code via unspecified vectors, posing a significant risk to the security of Synology devices.
In addition to the critical code execution vulnerability, Synology also addressed a moderate severity vulnerability identified as CVE-2024-10445. This flaw, with a CVSS3 base score of 4.3, is described as an “improper certificate validation vulnerability in the update functionality” of the affected products. Exploitation of this vulnerability could allow remote attackers to write limited files via unspecified vectors.
The advisory also lists a third CVE ID, CVE-2024-50629 (CVSS 5.3), but that entry is still marked as “RESERVED”.
Synology has released updated versions of its software to remediate these vulnerabilities. Users of Synology BeeStation Manager, Synology DiskStation Manager, and Synology Unified Controller are strongly advised to upgrade to the latest versions as soon as possible.
Affected Products and Fixed Release Availability:

| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 7.2.2 | Critical | Upgrade to 7.2.2-72806-1 or above |
| DSM 7.2.1 | Critical | Upgrade to 7.2.1-69057-6 or above |
| DSM 7.2 | Critical | Upgrade to 7.2-64570-4 or above |
| DSM 7.1 | Critical | Upgrade to 7.1.1-42962-7 or above |
| DSM 6.2 | Critical | Upgrade to 6.2.4-25556-8 or above |
| DSMUC 3.1 | Critical | Upgrade to 3.1.4-23079 or above |
| BeeStation OS 1.1 | Critical | Upgrade to 1.1-65374 or above |
| BeeStation OS 1.0 | Critical | Upgrade to 1.1-65374 or above |
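As an added example (not Synology's code or part of the advisory), the check below takes the fixed releases from the table above and decides whether an installed version is at or above the fix for its release track. It assumes the version layout used in the table, major.minor[.patch]-build[-update], and that a device on, say, DSM 7.2.1 is judged against the 7.2.1 row rather than a higher track.

```python
import re
from typing import Tuple

# Fixed releases from the advisory table above, keyed by (product, release track).
# The BeeStation OS 1.0 row points at the 1.1 release, exactly as the advisory does.
FIXED_RELEASES = {
    ("DSM", "7.2.2"): "7.2.2-72806-1",
    ("DSM", "7.2.1"): "7.2.1-69057-6",
    ("DSM", "7.2"): "7.2-64570-4",
    ("DSM", "7.1"): "7.1.1-42962-7",
    ("DSM", "6.2"): "6.2.4-25556-8",
    ("DSMUC", "3.1"): "3.1.4-23079",
    ("BeeStation OS", "1.1"): "1.1-65374",
    ("BeeStation OS", "1.0"): "1.1-65374",
}

# Assumed version layout: major.minor[.patch]-build[-update], as written in the table.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:-(\d+))?$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a version string into a comparable tuple; missing patch/update count as 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def required_fix(product: str, installed: str) -> str:
    """Find the advisory row for the installed version's release track.

    Try the full 'major.minor.patch' track first (e.g. DSM 7.2.1), then fall back
    to 'major.minor' (e.g. the DSM 6.2 row covers every 6.2.x release)."""
    major, minor, patch, _, _ = parse_version(installed)
    for track in (f"{major}.{minor}.{patch}", f"{major}.{minor}"):
        if (product, track) in FIXED_RELEASES:
            return FIXED_RELEASES[(product, track)]
    raise KeyError(f"{product} {installed} is not covered by the advisory table")


def is_patched(product: str, installed: str) -> bool:
    """True when the installed version is at or above the fixed release for its track."""
    return parse_version(installed) >= parse_version(required_fix(product, installed))


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for product, version in [("DSM", "7.2.1-69057-5"), ("DSM", "7.2.2-72806-1"),
                             ("DSMUC", "3.1.4-23079"), ("BeeStation OS", "1.0-65234")]:
        state = "patched" if is_patched(product, version) else "VULNERABLE"
        print(f"{product} {version}: {state} (fixed in {required_fix(product, version)})")
```

A version whose track is not in the table raises KeyError rather than silently passing, so unlisted products show up in an inventory sweep instead of being reported as safe.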
Synology credited Ryan Emmons (@the_emmons) and Team Smoking Barrels for reporting the vulnerabilities. Users are encouraged to review the Synology security advisories for complete details and to apply the necessary updates to protect their devices from potential exploitation.