VYPR
Medium severity5.9NVD Advisory· Published May 27, 2026· Updated Jun 2, 2026

CVE-2025-10466

CVE-2025-10466

Description

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:synology:safe_access:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:synology:safe_access:*:*:*:*:*:*:*:*range: <1.3.1-0329
    • (no CPE)range: <1.3.1-0329

Patches

Vulnerability mechanics

References

1

News mentions

1