Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.8
Genetec Update Service Web Page Leaks Confidential Data
CVE-2025-1787
Summary
An authorized administrator can access sensitive information on the Genetec Update Service configuration web page. This could lead to unauthorized access to sensitive data. To mitigate this, ensure only necessary staff have admin privileges and regularly review access rights.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| genetec | genetec_update_service | <= 2.10.6 | – |
Original title
Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated priv...
Original description
Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.
nvd CVSS3.1
4.2
nvd CVSS4.0
5.8
Vulnerability type
CWE-346
- https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Servi... Release Notes Vendor Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026