fkie_cve-2025-1688
Vulnerability from fkie_nvd
Published
2025-04-15 11:15
Modified
2025-04-15 18:39
Severity ?
Summary
Milestone Systems has discovered a
security vulnerability in Milestone XProtect installer that resets system
configuration password after the upgrading from older versions using specific
installers.
The system configuration
password is an additional, optional protection that is enabled on the
Management Server.
To mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.
Any system upgraded with
2024 R1 or 2024 R2 release installer is vulnerable to this issue.
Systems upgraded from 2023
R3 or older with version 2025 R1 and newer are not affected.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Milestone Systems has discovered a\nsecurity vulnerability in Milestone XProtect installer that resets system\nconfiguration password after the upgrading from older versions using specific\ninstallers.\n\n\n\nThe system configuration\npassword is an additional, optional protection that is enabled on the\nManagement Server.\n\n\nTo mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.\n\n\n\nAny system upgraded with\n2024 R1 or 2024 R2 release installer is vulnerable to this issue.\n\n\n\nSystems upgraded from 2023\nR3 or older with version 2025 R1 and newer are not affected."
},
{
"lang": "es",
"value": "Milestone Systems ha descubierto una vulnerabilidad de seguridad en el instalador de Milestone XProtect que restablece la contrase\u00f1a de configuraci\u00f3n del sistema tras actualizar desde versiones anteriores con instaladores espec\u00edficos. La contrase\u00f1a de configuraci\u00f3n del sistema es una protecci\u00f3n adicional y opcional que est\u00e1 habilitada en el Servidor de Administraci\u00f3n. Para mitigar el problema, recomendamos encarecidamente actualizar la contrase\u00f1a de configuraci\u00f3n del sistema mediante la interfaz gr\u00e1fica de usuario siguiendo el procedimiento est\u00e1ndar. Cualquier sistema actualizado con el instalador de la versi\u00f3n 2024 R1 o 2024 R2 es vulnerable a este problema. Los sistemas actualizados desde la versi\u00f3n 2023 R3 o anterior con la versi\u00f3n 2025 R1 y posteriores no se ven afectados.\n"
}
],
"id": "CVE-2025-1688",
"lastModified": "2025-04-15T18:39:27.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.7,
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"type": "Secondary"
}
]
},
"published": "2025-04-15T11:15:44.140",
"references": [
{
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"url": "https://supportcommunity.milestonesys.com/KBRedir?art=000069835\u0026lang=en_US"
}
],
"sourceIdentifier": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…