Remote Code Execution Vulnerability in Portenable CGI Affects Synology Products
CVE-2025-29846

7.2HIGH

Key Information:

Vendor: Synology
Status: Synology Router Manager (srm)
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-29846?

A vulnerability in Portenable CGI allows remote authenticated users access to sensitive information regarding installed packages on Synology devices. This could empower malicious actors to leverage this information for further exploits, underscoring the need for timely updates and security measures to safeguard user environments.

Affected Version(s)

Synology Router Manager (SRM) 1.3

Synology Router Manager (SRM) 1.3 < 1.3.1-9346-13

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Mar 12, 2025

Credit

Qian Chen (@cq674350529) from Codesafe Team of Legendsec at QI-ANXIN Group

JSON