CVE-2025-29845

4.3 MEDIUM

📋 TL;DR

This vulnerability allows authenticated users to read .srt subtitle files on Synology Video Station systems. It affects Synology Video Station installations where users have authenticated access to the subtitle CGI functionality.

💻 Affected Systems

Products:
  • Synology Video Station
Versions: Video Station before version 3.2.0-5005
Operating Systems: Synology DSM (DiskStation Manager)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Video Station installed and subtitle CGI functionality enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Authenticated attackers could access sensitive subtitle files that might contain metadata or embedded information not intended for user viewing, potentially leading to information disclosure.

🟠 Likely Case: Limited information disclosure of subtitle file contents, which typically contain movie/TV show dialogue but could include embedded metadata or annotations.

🟢 If Mitigated: Minimal impact as subtitle files generally contain public dialogue text with limited sensitive information.

🌐 Internet-Facing: MEDIUM - If Video Station is exposed to the internet, authenticated users could exploit this vulnerability remotely.
🏢 Internal Only: LOW - Requires authenticated access, limiting impact to authorized users within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to the Video Station interface and knowledge of the subtitle CGI endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Video Station 3.2.0-5005 and later

Vendor Advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_25_04

Restart Required: No

Instructions:

1. Log into DSM as administrator.
2. Open Package Center.
3. Find Video Station.
4. Click Update if available.
5. Install version 3.2.0-5005 or later.

🔧 Temporary Workarounds

  • Disable Video Station subtitle CGI (platform: linux): Temporarily disable the subtitle CGI functionality until patching is possible
  • Restrict Video Station access (platform: all): Limit Video Station access to trusted users only and remove unnecessary user accounts

🧯 If You Can't Patch

  • Remove Video Station from internet-facing interfaces and restrict to internal network only
  • Implement strict access controls and audit user accounts with Video Station permissions

🔍 How to Verify

Check if Vulnerable:

Check Video Station version in DSM Package Center. If version is below 3.2.0-5005, the system is vulnerable.

Check Version:

No direct command - check via DSM web interface Package Center

Verify Fix Applied:

Verify Video Station version shows 3.2.0-5005 or higher in Package Center.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to subtitle CGI endpoints
  • Multiple .srt file read requests from single user sessions

Network Indicators:

  • HTTP requests to /webapi/VideoStation/subtitle.cgi with file read parameters

SIEM Query:

source="synology" AND uri="/webapi/VideoStation/subtitle.cgi" AND (method="GET" OR method="POST") AND parameters CONTAINS ".srt"
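
The log indicators above can also be checked offline against exported web access logs. The following is an added example, not part of the vendor advisory or of any Synology tooling: it assumes combined-log-format lines, uses client IP plus user as a stand-in for a session, and treats the `example_param` name, the sample lines and the threshold of 3 as constructed values.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Endpoint named in the page's network indicator.
SUBTITLE_CGI = "/webapi/VideoStation/subtitle.cgi"
# Assumed combined-log-format line; adjust to what your proxy actually writes.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def srt_requests(lines):
    """Yield (ip, user, target) for subtitle.cgi requests that reference a .srt file."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("GET", "POST"):
            continue
        parts = urlsplit(m["target"])
        if parts.path != SUBTITLE_CGI:
            continue
        # Decode twice so %2Esrt and %252Esrt are recognised as ".srt" too;
        # a plain substring match on the raw URI would miss them.
        query = unquote(unquote(parts.query)).lower()
        if ".srt" in query:
            yield m["ip"], m["user"], m["target"]

def flag_clients(lines, threshold=3):
    """Return {(ip, user): count} for clients with >= threshold matching requests."""
    counts = defaultdict(int)
    for ip, user, _ in srt_requests(lines):
        counts[(ip, user)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

# Constructed sample log lines (not real traffic); example_param is a placeholder.
_TS = "[01/Jan/2025:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - alice {_TS} "GET {SUBTITLE_CGI}?example_param=a.srt HTTP/1.1" 200 512',
    f'192.0.2.10 - alice {_TS} "GET {SUBTITLE_CGI}?example_param=b.SRT HTTP/1.1" 200 498',
    f'192.0.2.10 - alice {_TS} "GET {SUBTITLE_CGI}?example_param=c%2Esrt HTTP/1.1" 200 530',
    f'192.0.2.10 - alice {_TS} "GET /webapi/entry.cgi?example_param=d.srt HTTP/1.1" 200 90',
    f'192.0.2.20 - bob {_TS} "GET {SUBTITLE_CGI}?example_param=e.srt HTTP/1.1" 200 400',
    f'192.0.2.30 - carol {_TS} "GET {SUBTITLE_CGI}?example_param=list HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for (ip, user), n in flag_clients(SAMPLE_LOG).items():
        print(f"{ip} {user}: {n} .srt requests to {SUBTITLE_CGI}")
```

Access logs normally record only the request line, so parameters sent in a POST body are not visible to this check and need proxy or application logging that captures them.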
