CVE-2025-29843
MEDIUMDescription
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
| synology | router_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-29843? +
How severe is CVE-2025-29843? +
What products are affected by CVE-2025-29843? +
How do I check if I'm vulnerable to CVE-2025-29843? +
Related Vulnerabilities
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior …
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path …
Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file …
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check …
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn() in lua/upload/upload.go uses filepath.Join() with the caller-supplied directory …
NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom …