CVE-2025-10941 | THREATINT

Description

A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. The vendor was contacted early about this disclosure but did not respond in any way.

In Topaz SERVCore Teller 2.14.0-RC2/2.14.1 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei SERVCoreTeller_2.0.40D.msi der Komponente Installer. Durch die Manipulation mit unbekannten Daten kann eine permission issues-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen.

PUBLISHED Reserved 2025-09-25 | Published 2025-09-25 | Updated 2025-09-25 | Assigner VulDB

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R

HIGH: 7.8CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R

6.8AV:L/AC:L/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR

Problem types

Permission Issues

Incorrect Privilege Assignment

Product status

2.14.0-RC2

affected

2.14.1

affected

Timeline

2025-09-25:	Advisory disclosed
2025-09-25:	VulDB entry created
2025-09-25:	VulDB entry last update

References

vuldb.com/?id.325811 (VDB-325811 | Topaz SERVCore Teller Installer SERVCoreTeller_2.0.40D.msi permission) vdb-entry

vuldb.com/?ctiid.325811 (VDB-325811 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.651434 (Submit #651434 | Topaz SERVCore® Teller Installer V2.14.0-RC2 [2.14.1] Local Privilege Escalation) third-party-advisory

raw.githubusercontent.com/...n SERVCore Teller Installer.txt related

cve.org (CVE-2025-10941)

nvd.nist.gov (CVE-2025-10941)

Download JSON