GeoVision GeoWebPlayer 1.1.1.0 Websocket Server function vulnerability
Summary
| CVE | CVE-2026-13125 |
|---|---|
| State | PUBLISHED |
| Assigner | GV |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-02 04:17:09 UTC |
| Updated | 2026-07-02 16:51:29 UTC |
| Description | GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. In order to access the websocket server, no authentication is required. As such, any malicious website can attempt to open a connection to the server and potentially access sensitive APIs. In particular, it's possible to call a combination of the `create` method and `getScreenCapture` to retrieve the content of the user's screen. |
Risk And Classification
Primary CVSS: v3.1 8.8 HIGH from 0df08a0e-a200-4957-9bb0-084f562506f9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
EPSS: 0.002270000 probability, percentile 0.133670000 (date 2026-07-03)
Problem Types: CWE-306 Missing authentication for critical function
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | 0df08a0e-a200-4957-9bb0-084f562506f9 | Secondary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L |
| 3.1 | CNA | CVSS | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | High |
| Integrity | Low |
| Availability | Low |

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | GeoVision Inc. | GeoWebPlayer | affected V1.1.1.0 | Windows, 64 bit |
| CNA | GeoVision Inc. | GeoWebPlayer | unaffected V1.1.3.0 | Windows, 64 bit |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.talosintelligence.com/vulnerability_reports/TALOS-2026-2370 | af854a3a-2127-422b-91ae-364da2661108 | www.talosintelligence.com | |
| www.geovision.com.tw/cyber_security.php | 0df08a0e-a200-4957-9bb0-084f562506f9 | www.geovision.com.tw | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Philippe Laulheret of Cisco Talos (en)
CNA: Kelly Patterson of Cisco Talos (en)
CNA: Robert Sherwin of Cisco Talos (en)
Additional Advisory Data
Solutions
CNA: The vulnerability has been patched with GeoWebPlayer V1.1.3.0
There are currently no legacy QID mappings associated with this CVE.