Saved February 14, 2026
Do you care about this?
Synology patched a critical remote code execution vulnerability in BeeStation products, demonstrated at Pwn2Own Ireland. Users must upgrade to version 1.3.2-65648 or higher to protect against this exploit, which allows arbitrary code execution.
If you do, here's more
Synology has patched a significant remote code execution (RCE) vulnerability affecting its BeeStation products, highlighted at the recent Pwn2Own competition. The flaw, identified as CVE-2025-12686, stems from a buffer copy issue that allows attackers to execute arbitrary code. This vulnerability impacts multiple versions of BeeStation OS, which is used in Synology's consumer-oriented network-attached storage devices.
Users need to upgrade to BeeStation OS version 1.3.2-65648 or later to mitigate the risk. Researchers Tek and anyfun from Synacktiv demonstrated the exploit during the Pwn2Own Ireland 2025 event, earning a $40,000 reward for their efforts. The competition showcased 73 zero-day vulnerabilities across various consumer devices, with more than $1 million in rewards distributed.
On a related note, QNAP, another major NAS vendor, recently addressed seven zero-day vulnerabilities revealed at the same event. The Zero Day Initiative (ZDI) manages the disclosure process for these issues, withholding detailed information until patches are available and users have time to implement them. More insights into these vulnerabilities are expected in the coming months on ZDI's bulletin board and through the researchers' blogs.