Heise.De
Critical Vulnerabilities in Synology MailPlus Server Expose Users to Attacks
Synology has identified multiple critical vulnerabilities in its MailPlus Server that could allow attackers to carry out denial-of-service (DoS) attacks, access internal services, and manipulate files. Two of the vulnerabilities, CVE-2025-15660 and CVE-2026-13136, have been rated critical with a CVSS score of 10. Users running MailPlus Server versions 4.0.1-21663 on DSM 7.2.1, 7.2.2, and 7.3 are particularly at risk. The third vulnerability, CVE-2026-13135, is classified as medium and allows access to internal services. Synology has released patches to address these vulnerabilities, and users are urged to update immediately. No ongoing attacks have been reported at this time.
Key Points:
• Two critical vulnerabilities (CVE-2025-15660, CVE-2026-13136) rated 10/10 on CVSS.
• Affected systems include MailPlus Server versions 4.0.1-21663 on DSM 7.2.1, 7.2.2, and 7.3.
• Users are strongly advised to apply patches immediately to mitigate risks.