CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13167

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.3%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.synology.com/en-global/security/advisory/Synology_SA_25_13

Products affected by CVE-2025-13167

Synology » Contacts » Version: 1.0.1-0330

cpe:2.3:a:synology:contacts:1.0.1-0330
Synology » Contacts » Version: 1.0.2-0389

cpe:2.3:a:synology:contacts:1.0.2-0389
Synology » Contacts » Version: 1.0.2-10389

cpe:2.3:a:synology:contacts:1.0.2-10389
Synology » Contacts » Version: 1.0.3-0478

cpe:2.3:a:synology:contacts:1.0.3-0478
Synology » Contacts » Version: 1.0.3-10478

cpe:2.3:a:synology:contacts:1.0.3-10478
Synology » Contacts » Version: 1.0.4-0482

cpe:2.3:a:synology:contacts:1.0.4-0482
Synology » Contacts » Version: 1.0.4-10482

cpe:2.3:a:synology:contacts:1.0.4-10482
Synology » Contacts » Version: 1.0.5-10492

cpe:2.3:a:synology:contacts:1.0.5-10492
Synology » Contacts » Version: 1.0.6-20501

cpe:2.3:a:synology:contacts:1.0.6-20501
Synology » Contacts » Version: 1.0.7-20550

cpe:2.3:a:synology:contacts:1.0.7-20550
Synology » Contacts » Version: 1.0.8-20606

cpe:2.3:a:synology:contacts:1.0.8-20606
Synology » Contacts » Version: 1.0.9-20656

cpe:2.3:a:synology:contacts:1.0.9-20656
Synology » Diskstation Manager » Version: 7.2.1

cpe:2.3:o:synology:diskstation_manager:7.2.1
Synology » Diskstation Manager » Version: 7.2.2

cpe:2.3:o:synology:diskstation_manager:7.2.2
Synology » Diskstation Manager » Version: 7.3

cpe:2.3:o:synology:diskstation_manager:7.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13167

Products

Pricing

Contact Us