PT-2025-9031 · Geovision · Geovision Gv-Asweb

Published 2025-02-27 · Updated 2025-03-27 · CVE-2025-26264

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GeoVision GV-ASWeb versions 6.1.2.0 and earlier

Description: The issue allows an authenticated attacker with "System Settings" privileges to execute arbitrary commands on the server, potentially leading to a full system compromise. This is achieved through the Notification Settings feature.

Recommendations: For GeoVision GV-ASWeb versions 6.1.2.0 and earlier, consider restricting access to the Notification Settings feature until a fix is available. As a temporary workaround, limit the privileges of users with "System Settings" access to minimize the risk of exploitation.

Exploit

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-26264

Affected Products

Geovision Gv-Asweb