Опубликовано: 16 дек. 2025
Источник: github
Github: Не прошло ревью
CVSS4: 5.3
CVSS3: 6.3
Описание
Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.
Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-0836
- https://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/Milestone_Security_Advisory.html
- https://supportcommunity.milestonesys.com/s/article/CVE-2025-0836-XProtect-MIP-API-broken-access-control?language=en_US
- https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-cumulative-patches-complete-list?language=en_US
Связанные уязвимости
CVSS3: 6.3
nvd
около 2 месяцев назад
Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.