CVE-2025-29844Path Traversal in Synology Router Manager

CWE-22Path Traversal3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 85.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Router ManagerSynology Router Manager
Timeline
PublishedDec 4

Description

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDsynology/router_manager1.31.3.1-9346+1
CVEListV5synology/synology_router_manager1.31.3.1-9346-13

🔴Vulnerability Details

2
CVEList
CVE-2025-29844: A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information2025-12-04
GHSA
GHSA-rpqw-2g9r-gf4r: A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information2025-12-04
CVE-2025-29844 — Path Traversal in Synology | cvebase