Impact
An origin validation error in Synology Assistant before version 7.0.6-50085 allows local users to write arbitrary files with restricted content and trigger a denial-of-service during installation. The flaw bypasses expected origin checks, permitting unauthorized creation or modification of critical files. This can be used to alter system configuration, drop malicious payloads, or interrupt the installation process, affecting the local system and potentially the device as a whole.
Affected Systems
Synology Assistant running on Synology NAS devices, any release prior to 7.0.6-50085. The vulnerability affects the assistant component that handles software installation and package deployment, and it requires a user with local administrative or installation privileges.
Risk and Exploitability
The CVSS score of 6.1 indicates moderate severity. The EPSS score of <1% (approximately 0.004%) shows a very low probability of exploitation, and the vulnerability is not listed in CISA KEV, suggesting limited known exploitation. The attack vector is local; an adversary needs a legitimate local account and must trigger the installation routine. Because the flaw allows writing arbitrary files during installation, an attacker could inject malicious configuration or executable files that the Synology Assistant later processes, potentially leading to denial of service or elevation of privileges on the affected device.