CVE-2025-1787

MEDIUM

Genetec Update Service - Privilege Escalation

Title source: llm

Description

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.

References (1)

[Various Sources] https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10

Scores

CVSS v3 4.2

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-346

Status published

Affected Products (1)

genetec/genetec_update_service < 2.10.6

Timeline

Published Feb 24, 2026

Tracked Since Feb 25, 2026