cbcvebase.
CVE-2025-10466
published 2026-05-27

CVE-2025-10466: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329…

PriorityP422medium5.9CVSS 3.1
AVNACLPRHUIRSCCLILAL
EPSS
0.27%
17.8th percentile
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.

Affected

2 ranges
VendorProductVersion rangeFixed in
synologysafe_access< 1.3.1-03291.3.1-0329
synologysafe_access>= * < 1.3.1-03291.3.1-0329
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.