How to fix EUVD-2025-201172?

Within 24 hours: Identify all systems running affected portenable CGI versions and document their criticality. Within 7 days: Implement network access controls limiting portenable CGI access to authorized administrators only, and enable detailed logging of all portenable CGI queries. Within 30 days: Monitor vendor advisories for patch availability and establish a deployment plan; consider disabling or restricting the package status query functionality if operationally feasible.

Is Router Manager affected by EUVD-2025-201172?

CVE-2025-29846 allows authenticated attackers to enumerate installed packages on affected systems through a web interface vulnerability, potentially exposing sensitive software inventory information that could facilitate targeted attacks.

EUVD-2025-201172

| CVE-2025-29846 HIGH

2025-12-04 [email protected]

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201172

CVE Published

Dec 04, 2025 - 15:15 nvd

HIGH 7.2

Description

A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.

Analysis

A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.

Technical Context

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

Affected Products

Affected products: Synology Router Manager

Remediation

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +36

POC: 0

EUVD-2025-201172 vulnerability details – vuln.today

Back

EUVD-2025-201172

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-201172

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code