Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-43027

Summary
Assigner-Genetec
Assigner Org ID-f2b06212-cb4b-41a4-9501-fa2e367495b8
Published At-30 Oct, 2025 | 14:12
Updated At-26 Feb, 2026 | 16:56
Rejected At-
Credits

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Genetec
Assigner Org ID:f2b06212-cb4b-41a4-9501-fa2e367495b8
Published At:30 Oct, 2025 | 14:12
Updated At:26 Feb, 2026 | 16:56
Rejected At:
▼CVE Numbering Authority (CNA)

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.

Affected Products
Vendor
Genetec Inc.
Product
Genetec Security Center
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • <5.9.5.10 (semver)
  • >=5.10.0.0 <5.10.4.29 (semver)
  • >=5.11.0.0 <5.11.3.25 (semver)
  • >=5.12.0.0 <5.12.2.12 (semver)
  • >=5.13.0.0 <5.13.2.3 (semver)
Unaffected
  • >=5.9.5.10 (semver)
  • >=5.10.4.29 (semver)
  • >=5.11.3.25 (semver)
  • >=5.12.2.12 (semver)
  • >=5.13.2.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284: Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115: Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115: Authentication Bypass
Solutions

This issue is fixed in Security Center 5.13.2.3, 5.12.2.12, 5.11.3.25, 5.10.4.29, 5.9.5.10 and all later versions. Customers running an affected version of Security Center should apply the latest update as soon as possible. Customers not using AutoVu automatic license plate recognition (ALPR) should deactivate the ALPR Manager role. You can find out how by searching Deactivating and activating roles in the TechDoc Hub.

Configurations
Workarounds

If the ALPR Manager role must be used and the Security Center instance cannot be updated promptly, the system administrator should reduce exposure to the system. This can be done by restricting network access to trusted sources and enforcing secure connectivity measures, such as VPN or equivalent controls.

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://resources.genetec.com/security-advisories/critical-security-vulnerability-affecting-the-alpr-manager-role-of-security-center
N/A
https://ressources.genetec.com/avis-de-securite/faille-de-securite-critique-affectant-le-role-gestionnaire-rapi-de-security-center
N/A
Hyperlink: https://resources.genetec.com/security-advisories/critical-security-vulnerability-affecting-the-alpr-manager-role-of-security-center
Resource: N/A
Hyperlink: https://ressources.genetec.com/avis-de-securite/faille-de-securite-critique-affectant-le-role-gestionnaire-rapi-de-security-center
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@genetec.com
Published At:30 Oct, 2025 | 15:15
Updated At:04 Nov, 2025 | 15:41

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-284Secondarysecurity@genetec.com
CWE ID: CWE-284
Type: Secondary
Source: security@genetec.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://resources.genetec.com/security-advisories/critical-security-vulnerability-affecting-the-alpr-manager-role-of-security-centersecurity@genetec.com
N/A
https://ressources.genetec.com/avis-de-securite/faille-de-securite-critique-affectant-le-role-gestionnaire-rapi-de-security-centersecurity@genetec.com
N/A
Hyperlink: https://resources.genetec.com/security-advisories/critical-security-vulnerability-affecting-the-alpr-manager-role-of-security-center
Source: security@genetec.com
Resource: N/A
Hyperlink: https://ressources.genetec.com/avis-de-securite/faille-de-securite-critique-affectant-le-role-gestionnaire-rapi-de-security-center
Source: security@genetec.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

402Records found
CVE-2020-15181
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.23% / 45.64%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 17:55
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Admin account takeover in Alfresco Reset Password

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0

Action-Not Available
Vendor-alfrescoFlexSolution
Product-reset_passwordAlfrescoResetPassword
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-20
Improper Input Validation
CVE-2024-7920
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.21% / 78.81%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 12:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access control

A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-jielink\+_jsotc2016_projectAnhui Deshun Intelligent Technologyanhui_deshun_intelligent_technology
Product-jielink\+_jsotc2016Jieshun JieLink+ JSOTC2016jieshun_jielink_plus_jsotc2016
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • Next
Details not found