CVE-2026-25112 PUBLISHED

Assigner: Genetec
Reserved: 04.03.2026 Published: 26.05.2026 Updated: 26.05.2026

A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Product Status

Vendor Genetec Inc.
Product Genetec RabbitMQ
Versions Default: unaffected
  • Version <3.13.7.19 is affected
  • Version >=3.13.7.19 is unaffected
Vendor Genetec Inc.
Product Genetec Mission Control
Versions Default: unaffected
  • Version <3.4.1.0 is affected
  • Version >=3.4.1.0 is unaffected
Vendor Genetec Inc.
Product Genetec Sipelia
Versions Default: unaffected
  • Version <2.11 is affected
  • Version >=2.11 is unaffected
Vendor Genetec Inc.
Product Genetec Industrial IoT
Versions Default: unaffected
  • Version <5.5.118.0 is affected
  • Version >=5.5.118.0 is unaffected
  • Version <6.0.196.0 is affected
  • Version >=6.0.196.0 is unaffected
Vendor Genetec Inc.
Product Genetec Airport Operational Manager
Versions Default: unaffected
  • Version <1.6 is affected
  • Version >=1.6 is unaffected
Vendor Genetec Inc.
Product Genetec Restricted Security Area
Versions Default: unaffected
  • Version <5.2.1 is affected
  • Version >=5.2.1 is unaffected
Vendor Genetec Inc.
Product Genetec Inter-System Gateway
Versions Default: unaffected
  • Version <1.2 is affected
  • Version >=1.2 is unaffected

Credits

  • Johannes Kruchem & Christian Hager from SEC Consult Vulnerability Lab. finder

References

Problem Types

  • CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE

Impacts

  • CAPEC-642: Replace Binaries