CVE-2025-1787 | THREATINT

Description

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.

PUBLISHED Reserved 2025-02-28 | Published 2026-02-24 | Updated 2026-02-24 | Assigner Genetec

MEDIUM: 5.8CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MVC:H/MVI:H/MVA:H/MSI:H/MSA:H/S:P/AU:N/V:C

Problem types

CWE-346: Origin Validation Error

Product status

Default status

unaffected

<2.10.600 (semver)

affected

>=2.10.600 (semver)

unaffected

Credits

Rutger Flohil finder

References

techdocs.genetec.com/...ities-in-Genetec-Update-Service-2.10

cve.org (CVE-2025-1787)

nvd.nist.gov (CVE-2025-1787)

Download JSON