{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-1789","assignerOrgId":"f2b06212-cb4b-41a4-9501-fa2e367495b8","state":"PUBLISHED","assignerShortName":"Genetec","dateReserved":"2025-02-28T17:07:08.574Z","datePublished":"2026-02-24T18:47:24.913Z","dateUpdated":"2026-02-26T14:44:07.658Z"},"containers":{"cna":{"providerMetadata":{"orgId":"f2b06212-cb4b-41a4-9501-fa2e367495b8","shortName":"Genetec","dateUpdated":"2026-02-24T18:47:24.913Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-276","description":"Incorrect Default Permissions","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233: Privilege Escalation"}]}],"affected":[{"vendor":"Genetec Inc.","product":"Genetec Update Service","platforms":["Windows"],"versions":[{"status":"affected","versionType":"semver","version":"<2.10.600"},{"status":"unaffected","versionType":"semver","version":">=2.10.600"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system."}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"baseScore":5.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MVC:H/MVI:H/MVA:H/MSI:H/MSA:H/S:P/AU:N/V:C","version":"4.0"}}],"solutions":[{"lang":"en","value":"This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet connected Genetec Update Service will automatically update themselves."}],"references":[{"url":"https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"}],"credits":[{"lang":"en","type":"finder","value":"Rutger Flohil"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-1789","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-02-26T04:56:04.010019Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T14:44:07.658Z"}}]}}