Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) before 1.3.2-65648 and …

A classic buffer overflow vulnerability (CVE-2025-12686) affects the AdminCenter component in Synology BeeStation Manager (BSM) and BeeStation OS versions before 1.3.2-65648. The vulnerability allows remote attackers to execute arbitrary code through unspecified vectors due to buffer copy operations that do not validate input size. This represents a critical security flaw that could enable complete system compromise. Both BeeStation Manager and BeeStation OS products are affected by the same underlying vulnerability. Users should upgrade to version 1.3.2-65648 or later to address this security issue.