CVE-2025-1787

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:genetec:genetec_update_service:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-24 20:27

Updated : 2026-02-26 18:00

NVD link : CVE-2025-1787

Mitre link : CVE-2025-1787

CVE.ORG link : CVE-2025-1787

JSON object : View

Products Affected

genetec

genetec_update_service

CWE

CWE-346

Origin Validation Error

{"id": "CVE-2025-1787", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security@genetec.com", "cvssData": {"Safety": "PRESENT", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.8, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:H/MVI:H/MVA:H/MSC:X/MSI:H/MSA:H/S:P/AU:N/R:X/V:C/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "HIGH", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "HIGH", "modifiedVulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "HIGH", "modifiedVulnAvailabilityImpact": "HIGH", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "HIGH"}}]}, "published": "2026-02-24T20:27:42.413", "references": [{"url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@genetec.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@genetec.com", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation."}, {"lang": "es", "value": "El administrador local podr\u00eda filtrar informaci\u00f3n de la p\u00e1gina web de configuraci\u00f3n del Servicio de Actualizaci\u00f3n de Genetec. Un usuario de Windows autenticado y con privilegios de administrador podr\u00eda explotar esta vulnerabilidad para obtener privilegios elevados en el Servicio de Actualizaci\u00f3n de Genetec. Podr\u00eda combinarse con CVE-2025-1789 para lograr una peque\u00f1a escalada de privilegios."}], "lastModified": "2026-02-26T18:00:15.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:genetec:genetec_update_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A7711A6-9F7D-4FFA-9B9B-BA2BF6C162C7", "versionEndExcluding": "2.10.6"}], "operator": "OR"}]}], "sourceIdentifier": "security@genetec.com"}