CVE-2024-10444

Severity: High
Published: 19 March 2025
Modified: 17 November 2025
KEV Added: not listed
Patch: available (see vendor advisory below)
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0020 (42.3rd percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-10444 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Synology DiskStation Manager (DSM). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE is ranked at the 42.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-10444 is an improper certificate validation vulnerability (CWE-295) affecting the LDAP utilities in Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-8, 7.2.1-69057-7, and 7.2.2-72806-3. This flaw enables man-in-the-middle (MITM) attackers to hijack administrator authentication through unspecified vectors, as disclosed on March 19, 2025. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability.

The attack requires a network-accessible position for MITM interception, high attack complexity, no user privileges, and user interaction, such as an administrator triggering the vulnerable LDAP operation. Successful exploitation allows attackers to impersonate administrators, potentially granting unauthorized access to DSM administrative functions and compromising the entire DiskStation system.

Synology's security advisory (Synology_SA_25_01) details the issue and recommends updating to DSM 7.1.1-42962-8, 7.2.1-69057-7, or 7.2.2-72806-3, or later, to mitigate the vulnerability by addressing the certificate validation flaw in LDAP utilities.
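Because the fix lands in three separate DSM branches, the practical check is whether an installed build is below the fixed release for its own branch. The following version-triage helper is an added example written for this page, not code from Synology or the advisory. It assumes DSM reports versions as shown here (`7.2.1-69057-7`, i.e. major.minor.patch-build-update) or in the DSM user interface form `7.2.1-69057 Update 7`; the fixed-version table is taken from the advisory text above, and the inventory at the bottom is constructed sample data.

```python
"""Triage DSM version strings against the CVE-2024-10444 fixed releases (added example)."""
import re
from typing import Dict, Optional, Tuple

# Fixed releases per branch, from the advisory text above. Any version on the
# same branch that sorts below its entry is still affected.
FIXED_VERSIONS: Dict[str, str] = {
    "7.1": "7.1.1-42962-8",
    "7.2.1": "7.2.1-69057-7",
    "7.2.2": "7.2.2-72806-3",
}

# Accepts "7.2.1-69057-7" and "7.2.1-69057 Update 7" (assumed display formats).
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(\d+))?(?:(?:-|\s+Update\s+)(\d+))?\s*$"
)

Version = Tuple[int, int, int, int, int]  # major, minor, patch, build, update


def parse_version(text: str) -> Version:
    """Parse a DSM version string into a comparable tuple; missing fields are 0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised DSM version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in match.groups())  # type: ignore[return-value]


def branch_of(version: Version) -> Optional[str]:
    """Map a parsed version to the most specific branch key in FIXED_VERSIONS."""
    major, minor, patch = version[0], version[1], version[2]
    for key in (f"{major}.{minor}.{patch}", f"{major}.{minor}"):
        if key in FIXED_VERSIONS:
            return key
    return None


def is_affected(text: str) -> Optional[bool]:
    """True if the build predates the fix for its branch, False if fixed,
    None if the branch is not one the advisory lists (needs manual review)."""
    version = parse_version(text)
    branch = branch_of(version)
    if branch is None:
        return None
    return version < parse_version(FIXED_VERSIONS[branch])


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Label each host as 'affected', 'fixed' or 'review' for reporting."""
    labels = {None: "review", True: "affected", False: "fixed"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "nas-01": "7.2.1-69057 Update 6",
        "nas-02": "7.2.1-69057-7",
        "nas-03": "7.1.1-42962-8",
        "nas-04": "7.2.2-72806-2",
        "nas-05": "7.2.0-64570",  # branch not listed in the advisory
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts that come back `review` are on a branch the advisory does not enumerate; confirm them against the vendor's current advisory rather than assuming they are clean.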

Vulnerability details

Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.

CWE(s)

CWE-295 Improper Certificate Validation
Related Threats

MITRE ATT&CK Enterprise Techniques

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

The vulnerability's improper certificate validation in LDAP utilities directly enables MITM attackers to intercept and hijack administrator authentication sessions.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-13392: same product (Synology DiskStation Manager)
CVE-2024-10441: same product (Synology DiskStation Manager)
CVE-2025-14713: same product (Synology DiskStation Manager)
CVE-2025-30028: same product (Synology DiskStation Manager)
CVE-2024-45538: same product (Synology DiskStation Manager)
CVE-2024-50394: same product class (NAS / storage appliance)
CVE-2024-50631: same product class (NAS / storage appliance)
CVE-2024-50630: same product class (NAS / storage appliance)
CVE-2021-47961: same product class (NAS / storage appliance)
CVE-2025-30277: same product class (NAS / storage appliance)

Affected Assets

Vendor: Synology
Product: DiskStation Manager
Affected versions: 7.1 — 7.1.1-42962-8 · 7.2.1-69057 — 7.2.1-69057-7 · 7.2.2 — 7.2.2-72806-3

Mitigating Controls (NIST 800-53 r5)

SC-17 Public Key Infrastructure Certificates (prevent)
Directly requires establishment, management, and validation of PKI certificates to mitigate improper certificate validation in LDAP utilities enabling MITM attacks.

SI-2 Flaw Remediation (prevent)
Mandates timely flaw remediation, including installation of vendor patches that fix the specific improper certificate validation vulnerability in Synology DSM LDAP utilities.

Transmission protection (prevent)
Requires cryptographic mechanisms to protect transmission confidentiality and integrity over networks, reducing MITM risks during LDAP-based administrator authentication.
