CVE-2025-1787

Summary

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.

Affected Software

VendorProductVersion RangeStatus
Genetec Inc.Genetec Update Service<2.10.600affected
Genetec Inc.Genetec Update Service>=2.10.600unaffected

Weaknesses

  • CWE-346: CWE-346: Origin Validation Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References