DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user.

Desktop & Server Management (DSM) may have a possible execution of arbitrary commands.