Medium severity5.9NVD Advisory· Published May 27, 2026· Updated Jun 2, 2026
CVE-2025-10466
CVE-2025-10466
Description
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:synology:safe_access:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:synology:safe_access:*:*:*:*:*:*:*:*range: <1.3.1-0329
- (no CPE)range: <1.3.1-0329
Patches
Vulnerability mechanics
References
1- www.synology.com/en-global/security/advisory/Synology_SA_25_11nvdVendor Advisory
News mentions
1- Synology: 10 CVEs Disclosed Across NAS, BeeStation, and Backup ProductsVypr Intelligence · May 27, 2026