{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1787", "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8", "state": "PUBLISHED", "assignerShortName": "Genetec", "dateReserved": "2025-02-28T17:05:57.628Z", "datePublished": "2026-02-24T18:44:36.705Z", "dateUpdated": "2026-02-26T14:44:07.839Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8", "shortName": "Genetec", "dateUpdated": "2026-02-24T18:44:36.705Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-346", "description": "CWE-346: Origin Validation Error", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-200", "descriptions": [{"lang": "en", "value": "CAPEC-200: Removal of filters: Input filters, output filters, data masking"}]}], "affected": [{"vendor": "Genetec Inc.", "product": "Genetec Update Service", "platforms": ["Windows"], "versions": [{"status": "affected", "versionType": "semver", "version": "<2.10.600"}, {"status": "unaffected", "versionType": "semver", "version": ">=2.10.600"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MVC:H/MVI:H/MVA:H/MSI:H/MSA:H/S:P/AU:N/V:C", "version": "4.0"}}], "solutions": [{"lang": "en", "value": "This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet connected Genetec Update Service will automatically update themselves."}], "references": [{"url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"}], "credits": [{"lang": "en", "type": "finder", "value": "Rutger Flohil"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1787", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-26T04:56:05.875817Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:07.839Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1787", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-26T04:56:05.875817Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T21:16:36.432Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Rutger Flohil"}], "impacts": [{"capecId": "CAPEC-200", "descriptions": [{"lang": "en", "value": "CAPEC-200: Removal of filters: Input filters, output filters, data masking"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MVC:H/MVI:H/MVA:H/MSI:H/MSA:H/S:P/AU:N/V:C"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Genetec Inc.", "product": "Genetec Update Service", "versions": [{"status": "affected", "version": "<2.10.600", "versionType": "semver"}, {"status": "unaffected", "version": ">=2.10.600", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet connected Genetec Update Service will automatically update themselves."}], "references": [{"url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"}], "descriptions": [{"lang": "en", "value": "Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346: Origin Validation Error"}]}], "providerMetadata": {"orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8", "shortName": "Genetec", "dateUpdated": "2026-02-24T18:44:36.705Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1787", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:44:07.839Z", "dateReserved": "2025-02-28T17:05:57.628Z", "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8", "datePublished": "2026-02-24T18:44:36.705Z", "assignerShortName": "Genetec"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:genetec:genetec_update_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A7711A6-9F7D-4FFA-9B9B-BA2BF6C162C7", "versionEndExcluding": "2.10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation."}], "id": "CVE-2025-1787", "lastModified": "2026-02-26T18:00:15.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "HIGH", "exploitMaturity": "UNREPORTED", "integrityRequirement": "HIGH", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "HIGH", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "HIGH", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "HIGH", "modifiedVulnConfidentialityImpact": "HIGH", "modifiedVulnIntegrityImpact": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:H/MVI:H/MVA:H/MSC:X/MSI:H/MSA:H/S:P/AU:N/R:X/V:C/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@genetec.com", "type": "Secondary"}]}, "published": "2026-02-24T20:27:42.413", "references": [{"source": "security@genetec.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"}], "sourceIdentifier": "security@genetec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "security@genetec.com", "type": "Secondary"}]}

{}