CVE-2025-1787

MEDIUM

Genetec Update Service - Privilege Escalation

Title source: llm

Description

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.

References (1)

[Various Sources] https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10

Scores

CVSS v3 4.2

EPSS 0.0001

EPSS Percentile 1.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-346

Status published

Products (1)

genetec/genetec_update_service < 2.10.6

Published Feb 24, 2026

Tracked Since Feb 25, 2026