=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN636
_____________________________________________________________________

DATE                : 23/09/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Safe Access for SRM versions 1.3
                                 prior to 1.3.1-0329.

=====================================================================
https://www.synology.com/fr-fr/security/advisory/Synology_SA_25_11
_____________________________________________________________________

Synology-SA-25:11 Safe Access

Publish Time: 2025-09-16 13:56:00 UTC+8

Last Updated: 2025-09-16 13:59:26 UTC+8

Severity       Moderate

Status         Resolved


Abstract

Synology has released a security update for the Safe Access package
in SRM to address a vulnerability:

    CVE-2025-10466 allows remote authenticated users with
    administrator privileges to read or write limited files.

Please refer to the 'Affected Products' table for the corresponding
updates.


Affected Products

Product                     Severity    Fixed Release Availability

Safe Access for SRM 1.3     Moderate    Upgrade to 1.3.1-0329 or above.


Mitigation

None


Detail

    CVE-2025-10466
        Severity: Moderate
        CVSS3 Base Score: 5.9
        CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
        CWE-79: Improper Neutralization of Input During Web Page
         Generation ('Cross-site Scripting')
        ** RESERVED ** This candidate has been reserved by an
         organization or individual that will use it when
         announcing a new security problem. When the candidate
         has been publicized, the details for this candidate
         will be provided.


Acknowledgement

Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), 
tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)


Revision

Revision    Date          Description

1           2025-09-16    Initial public release.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
