CVE-2025-26264

HIGH

GeoVision GV-ASWeb <6.2.0 - RCE

Title source: llm

Description

GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to a full system compromise.

Exploits (2)

exploitdb WRITEUP

by Giorgi Dograshvili · textremotewindows

https://www.exploit-db.com/exploits/52424

View Code ZIP pw:eip

nomisec WRITEUP 7 stars

by DRAGOWN · poc

https://github.com/DRAGOWN/CVE-2025-26264

View Code ZIP pw:eip

References (2)

[Various Sources] https://github.com/DRAGOWN/CVE-2025-26264

[Various Sources] https://www.geovision.com.tw/download/product/GV-ASManager%20%28Access%20Control%29

Scores

CVSS v3 8.8

EPSS 0.2954

EPSS Percentile 96.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Published Feb 27, 2025

Tracked Since Feb 18, 2026