CVE-2025-29846

moderate-risk
Published 2025-12-04

A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.

Do I need to act?

-
0.93% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (14)

Affected Vendors

Synology

References (1)

Vendor Advisory https://www.synology.com/en-global/security/advisory/Synology_SA_25_04
47
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 3/34 · Minimal
Exposure 18/34 · Moderate