CVE-2025-1787
Summary
| CVE | CVE-2025-1787 |
|---|---|
| State | PUBLISHED |
| Assigner | Genetec |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-02-24 20:27:42 UTC |
| Updated | 2026-04-26 18:49:05 UTC |
| Description | A local admin could leak information from the Genetec Update Service configuration web page. An authenticated, admin-privileged Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation. |
Risk And Classification
Primary CVSS: v4.0 5.8 MEDIUM from [email protected]
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:C/RE:X/U:X
Problem Types: CWE-346: Origin Validation Error
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 5.8 | MEDIUM | CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/C... |
| 4.0 | CNA | CVSS | 5.8 | MEDIUM | CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/C... |
| 3.1 | [email protected] | Primary | 4.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
CVSS v4.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | High |
| Attack Requirements | Present |
| Privileges Required | Low |
| User Interaction | None |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
| Sub Conf. | High |
| Sub Integrity | High |
| Sub Availability | High |

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:C/RE:X/U:X
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | Low |
| Availability | Low |

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Genetec | Genetec Update Service | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Genetec Inc. | Genetec Update Service | affected <2.10.600 semver | Windows |
| CNA | Genetec Inc. | Genetec Update Service | unaffected >=2.10.600 semver | Windows |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Re... | [email protected] | techdocs.genetec.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Rutger Flohil (en)
Additional Advisory Data
Solutions
CNA: This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet-connected Genetec Update Service installations will automatically update themselves.
There are currently no legacy QID mappings associated with this CVE.