2026-02-24 18:47CVE-2025-1789Genetec
PUBLISHED5.2CWE-276

Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.

Problem type

Affected products

Genetec Inc.

Genetec Update Service

<2.10.600 - AFFECTED

>=2.10.600 - UNAFFECTED

References

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-1789
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-1789",
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "dateUpdated": "2026-02-24T18:47:24.913Z",
    "dateReserved": "2025-02-28T17:07:08.574Z",
    "datePublished": "2026-02-24T18:47:24.913Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec",
        "dateUpdated": "2026-02-24T18:47:24.913Z"
      },
      "descriptions": [
        {
          "lang": "en",
          "value": "Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system."
        }
      ],
      "affected": [
        {
          "vendor": "Genetec Inc.",
          "product": "Genetec Update Service",
          "platforms": [
            "Windows"
          ],
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "<2.10.600",
              "status": "affected",
              "versionType": "semver"
            },
            {
              "version": ">=2.10.600",
              "status": "unaffected",
              "versionType": "semver"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Incorrect Default Permissions",
              "cweId": "CWE-276",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233: Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet connected Genetec Update Service will automatically update themselves."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Rutger Flohil",
          "type": "finder"
        }
      ]
    }
  }
}