CVE-2025-29845 is a path traversal vulnerability identified in Synology Router Manager (SRM) version 1.3, specifically affecting the VideoPlayer2 subtitle CGI interface. This flaw allows remote authenticated users to bypass intended directory restrictions and read arbitrary .srt subtitle files stored on the device. The vulnerability arises from improper limitation of pathname inputs, enabling traversal outside the restricted directory. Since the attack requires authentication but no user interaction, an attacker with valid credentials can exploit this remotely over the network. The vulnerability impacts confidentiality by exposing potentially sensitive subtitle files, which may contain metadata or information useful for further attacks or reconnaissance. However, it does not affect the integrity or availability of the system. The CVSS v3.1 base score is 4.3 (medium), reflecting the limited scope and impact. No patches or known exploits are currently reported, but the presence of this vulnerability in a widely used router management system underscores the need for vigilance. The issue is particularly relevant for environments where SRM 1.3 is deployed, as attackers with compromised credentials could leverage this flaw to gather information from the device.

For European organizations, this vulnerability could lead to unauthorized disclosure of subtitle files stored on Synology routers running SRM 1.3. While subtitle files themselves may seem low risk, they can contain metadata or embedded information that could aid attackers in profiling the network or user behavior. In sensitive environments, such as government, healthcare, or critical infrastructure sectors, any unauthorized file access could be leveraged for further attacks or espionage. The requirement for authentication limits the attack surface but does not eliminate risk, especially if credential compromise occurs through phishing or other means. Additionally, Synology devices are popular in small to medium enterprises and home office setups across Europe, increasing the potential exposure. The vulnerability does not disrupt router functionality or network availability, but the confidentiality breach could have cascading effects depending on the data contained in the subtitle files or the attacker's objectives.

1. Upgrade Synology Router Manager (SRM) to a version beyond 1.3 where this vulnerability is patched once available. 2. Restrict access to the VideoPlayer2 subtitle CGI interface by implementing network segmentation and firewall rules to limit access only to trusted users and management networks. 3. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise. 4. Monitor router logs for unusual access patterns to subtitle files or the CGI interface, which could indicate exploitation attempts. 5. Disable or remove unnecessary services or features related to subtitle handling if not required in the deployment environment. 6. Educate users and administrators about the risks of credential theft and encourage regular password updates. 7. Conduct regular vulnerability assessments and penetration testing focusing on router management interfaces to detect similar issues proactively.