CVE-2025-1787

MEDIUM EPSS 0.5%

Published Feb 24, 20264mo ago · Modified Apr 26, 20262mo ago

5.8 CVSS 4.0

Medium

Published Feb 24, 2026 4mo ago

Last Modified Apr 26, 2026 2mo ago

Description

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.

CVSS Details

Base Score

5.8

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:C/RE:X/U:X

Attack Vector Local

Attack Complexity High

Privileges Required Low

User Interaction None

Scope P

Threat Intelligence

EPSS Exploit Probability

0.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-346

Affected Products 1

Vendor	Product	Version	Range
genetec	genetec_update_service	*	<2.10.6

References 1

techdocs.genetec.com https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10

Release NotesVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.