Vulnerability Details CVE-2025-10466
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 18.0%
CVSS Severity
CVSS v3 Score 5.9
Products affected by CVE-2025-10466
-
cpe:2.3:a:synology:safe_access:1.0.0-0152
-
cpe:2.3:a:synology:safe_access:1.0.1-0156
-
cpe:2.3:a:synology:safe_access:1.1.0-0173
-
cpe:2.3:a:synology:safe_access:1.1.1-0176
-
cpe:2.3:a:synology:safe_access:1.2.0-0210
-
cpe:2.3:a:synology:safe_access:1.2.1-0220
-
cpe:2.3:a:synology:safe_access:1.2.2-0231
-
cpe:2.3:a:synology:safe_access:1.2.3-0234
-
cpe:2.3:a:synology:safe_access:1.2.4-0244
-
cpe:2.3:a:synology:safe_access:1.3-0319
-
cpe:2.3:a:synology:safe_access:1.3.1-0326
-
cpe:2.3:o:synology:router_manager:1.3