fkie_cve-2025-26264
Vulnerability from fkie_nvd
Published: 2025-02-27 22:15
Modified: 2025-03-19 14:15
Summary
GeoVision GV-ASWeb version 6.1.2.0 or earlier (fixed in 6.2.0) contains a Remote Code Execution (RCE) vulnerability in its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to a full system compromise.

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with \"System Settings\" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to a full system compromise."
    },
    {
      "lang": "es",
      "value": "GeoVision GV-ASWeb con la versi\u00f3n 6.1.2.0 o anterior contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en su funci\u00f3n de configuraci\u00f3n de notificaciones. Un atacante autenticado con privilegios de \"Configuraci\u00f3n del sistema\" en ASWeb puede aprovechar esta falla para ejecutar comandos arbitrarios en el servidor, lo que provocar\u00eda un compromiso total del sistema."
    }
  ],
  "id": "CVE-2025-26264",
  "lastModified": "2025-03-19T14:15:39.440",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-27T22:15:38.947",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/DRAGOWN/CVE-2025-26264"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.geovision.com.tw/download/product/GV-ASManager%20%28Access%20Control%29"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/DRAGOWN/CVE-2025-26264"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

