CVE Weekly Roundup: Dec 1 - Dec 7, 2025

🔴 Critical & High Severity Vulnerabilities

These are the most dangerous vulnerabilities disclosed this week. Prioritize patching these.

CVE-2025-54158 7.8

A missing authentication vulnerability in Synology BeeDrive desktop software allows local users to execute arbitrary code without proper authenticatio...

Dec 4

CVE-2025-54160 7.8

This path traversal vulnerability in Synology BeeDrive desktop software allows local users to execute arbitrary code by manipulating file paths. It af...

Dec 4

CVE-2025-54159 7.5

This CVE describes a missing authorization vulnerability in Synology BeeDrive desktop software that allows remote attackers to delete arbitrary files ...

Dec 4

🏢 Most Affected Vendors

Synology 4 CVEs

🐛 Common Vulnerability Types

CWE-22 1 occurrences

CWE-306 1 occurrences

CWE-346 1 occurrences

CWE-862 1 occurrences

CWE-125 1 occurrences

📋 All CVEs This Week

CVE-2025-54158 7.8

A missing authentication vulnerability in Synology BeeDrive desktop software allows local users to execute arbitrary cod...

CVE-2025-54160 7.8

This path traversal vulnerability in Synology BeeDrive desktop software allows local users to execute arbitrary code by ...

CVE-2025-54159 7.5

This CVE describes a missing authorization vulnerability in Synology BeeDrive desktop software that allows remote attack...

CVE-2025-14104 6.1

A heap buffer overread vulnerability in util-linux's setpwnam() function allows reading beyond allocated memory when pro...

CVE-2025-8074 5.6

This vulnerability in Synology BeeDrive desktop software allows local users to write arbitrary files containing non-sens...

📚 Past Roundups

Feb 2 - Feb 8, 2026 Jan 26 - Feb 1, 2026 Jan 19 - Jan 25, 2026 Jan 13 - Jan 19, 2026 Jan 8 - Jan 14, 2026 Dec 4 - Dec 10, 2025 Nov 17 - Nov 23, 2025 Nov 14 - Nov 20, 2025 Nov 3 - Nov 9, 2025 Oct 31 - Nov 6, 2025 Oct 22 - Oct 28, 2025 Oct 15 - Oct 21, 2025