{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1787", "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8", "state": "PUBLISHED", "assignerShortName": "Genetec", "dateReserved": "2025-02-28T17:05:57.628Z", "datePublished": "2026-02-24T18:44:36.705Z", "dateUpdated": "2026-02-24T18:44:36.705Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8", "shortName": "Genetec", "dateUpdated": "2026-02-24T18:44:36.705Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-346", "description": "CWE-346: Origin Validation Error", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-200", "descriptions": [{"lang": "en", "value": "CAPEC-200: Removal of filters: Input filters, output filters, data masking"}]}], "affected": [{"vendor": "Genetec Inc.", "product": "Genetec Update Service", "platforms": ["Windows"], "versions": [{"status": "affected", "versionType": "semver", "version": "<2.10.600"}, {"status": "unaffected", "versionType": "semver", "version": ">=2.10.600"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MVC:H/MVI:H/MVA:H/MSI:H/MSA:H/S:P/AU:N/V:C", "version": "4.0"}}], "solutions": [{"lang": "en", "value": "This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet connected Genetec Update Service will automatically update themselves."}], "references": [{"url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"}], "credits": [{"lang": "en", "type": "finder", "value": "Rutger Flohil"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation."}], "id": "CVE-2025-1787", "lastModified": "2026-02-24T20:27:42.413", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "HIGH", "exploitMaturity": "UNREPORTED", "integrityRequirement": "HIGH", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "HIGH", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "HIGH", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "HIGH", "modifiedVulnConfidentialityImpact": "HIGH", "modifiedVulnIntegrityImpact": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:H/MVI:H/MVA:H/MSC:X/MSI:H/MSA:H/S:P/AU:N/R:X/V:C/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@genetec.com", "type": "Secondary"}]}, "published": "2026-02-24T20:27:42.413", "references": [{"source": "security@genetec.com", "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"}], "sourceIdentifier": "security@genetec.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "security@genetec.com", "type": "Secondary"}]}

{}

{}