CVE-2025-10941

HIGH

Topaz SERVCore Teller <2.14.1 - Privilege Escalation

Title source: llm

Description

A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. You should upgrade the affected component. The vendor explains, that "this vulnerability was detected at the beginning of 2025, it was remediated because the latest published version of the installer no longer uses "nssm," which is responsible for this vulnerability".

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.325811

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.325811

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.651434

Various Sources related

https://raw.githubusercontent.com/securityadvisories/Security-Advisories/refs/heads/main/Advisories/Blaze%20Information%20Security%20-%20Local%20Privilege%20Escalation%20via%20Insecure%20Directory%20Permissions%20in%20SERVCore%20Teller%20Installer.txt

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 2.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-266 CWE-275

Status published

Products (2)

Topaz/SERVCore Teller 2.14.0-RC2

Topaz/SERVCore Teller 2.14.1

Published Sep 25, 2025

Tracked Since Feb 18, 2026