CVE-2025-10466 | THREATINT

Description

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.

PUBLISHED Reserved 2025-09-15 | Published 2026-05-27 | Updated 2026-05-27 | Assigner synology

MEDIUM: 5.9CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status

affected

* (semver) before 1.3.1-0329

affected

Credits

Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_25_11 (Synology-SA-25:11 Safe Access) vendor-advisory

cve.org (CVE-2025-10466)

nvd.nist.gov (CVE-2025-10466)

Download JSON