CVE-2025-29846: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Synology Synology Router Manager (SRM)

Severity: High
Published: Thu Dec 04 2025 (12/04/2025, 15:01:51 UTC)
Source: CVE Database V5
Vendor/Project: Synology
Product: Synology Router Manager (SRM)

Description

A vulnerability in portenable.cgi allows remote authenticated users to get the status of installed packages.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/27/2026, 04:58:41 UTC

Technical Analysis

CVE-2025-29846 is a path traversal vulnerability in Synology Router Manager (SRM) version 1.3, specifically in the portenable.cgi interface. The flaw stems from improper limitation of pathname inputs, allowing remote authenticated users to step outside the intended directory and retrieve the status of installed packages. The CVSS 3.1 vector rates it as exploitable over the network (AV:N) with low attack complexity (AC:L), requiring high privileges (PR:H) and no user interaction (UI:N); scope is unchanged (S:U) and the impact on confidentiality, integrity, and availability is rated high (C:H/I:H/A:H). Note that the vendor description mentions only disclosure of package status, while the vector scores full impact on all three properties; until more detail is published, the vector should be read as the conservative upper bound. An attacker who exploits this could gain insight into installed packages, which may aid further exploitation or lateral movement within the network. No public exploits are currently known, but the rated severity warrants prompt attention. The CVE was reserved in March 2025 and published in December 2025, indicating recent discovery and disclosure. SRM is widely deployed in small and medium business and home networks, so the affected population is significant.

Potential Impact

As scored, the vulnerability affects the confidentiality, integrity, and availability of affected Synology SRM devices. Attackers with authenticated, high-privilege access can bypass directory restrictions to read package status information, which may reveal system configuration and potential attack vectors. This can facilitate further exploitation, unauthorized system modification, or denial of service. Because SRM devices sit at the network edge, exploitation could support lateral movement into the wider organizational network. The high-privilege requirement limits exploitation to insiders or already-compromised administrative accounts, but the rated impact and potential for escalation still make this a serious concern. Organizations relying on Synology SRM for network management face risks of data leakage, service disruption, and an increased attack surface.

Mitigation Recommendations

Organizations should immediately verify whether they are running Synology SRM version 1.3 and prioritize upgrading to a patched version once one is available. Until then, restrict access to the SRM management interface to trusted networks and enforce strong authentication and account management policies, since exploitation requires a privileged authenticated session. Segment SRM devices from critical infrastructure. Monitor logs for unusual access to portenable.cgi or other management interfaces, and use intrusion detection to flag potential exploitation attempts. Where feasible, disable or limit the use of portenable.cgi, or apply web application firewall (WAF) rules that block path traversal patterns in requests to it. Regularly audit installed packages and system configuration to detect unauthorized changes.


Technical Details

Data Version: 5.2
Assigner Short Name: synology
Date Reserved: 2025-03-12T02:19:15.676Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6931a58504d931fa5b3e25ce

Added to database: 12/4/2025, 3:15:17 PM

Last enriched: 2/27/2026, 4:58:41 AM

Last updated: 3/25/2026, 3:56:19 AM

