Description

Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to the Management Server to have full read/write access to the MIP Webhooks API.

PUBLISHED Reserved 2025-01-29 | Published 2025-12-16 | Updated 2025-12-16 | Assigner Milestone

MEDIUM: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)

MEDIUM: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Problem types

CWE-862 Missing Authorization

Product status

Default status: unaffected

23.1 (custom) before 23.1.157.1.1470: affected

23.2 (custom) before 23.2.21.1.398: affected

23.3 (custom) before 23.3.72.1.466: affected

24.1 (custom) before 24.1.12292.2279: affected

24.2 (custom) before 24.2.14561.2270: affected

25.1 (custom) before 25.1.15990.2272: affected

References

supportcommunity.milestonesys.com/...-control?language=en_US vendor-advisory

supportcommunity.milestonesys.com/...ete-list?language=en_US patch

cve.org (CVE-2025-0836)

nvd.nist.gov (CVE-2025-0836)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.