GV-ASM-2025-04-01 GV-ASManager & Web Vulnerabilities

Security Advisory Notices
Post Reply
support
Posts: 647
Joined: December 27th, 2014, 8:37 am

GV-ASM-2025-04-01 GV-ASManager & Web Vulnerabilities

Unread post by support »


Release Date: 2025/04/09


Advisory ID
GV-ASM-2025-04-01

CVE ID
CVE-2025-26263
CVE-2025-26264

Affected Product
GV-ASManager V6.1.2.0 or earlier

Security Issue
The reported software has been verified on the following security vulnerabilities

CVE-2025-26263
GV-ASManager Windows desktop application with version 6.1.2.0 or earlier (fixed in version 6.2.0) is
vulnerable to credential disclosure due to improper memory handling in the ASManagerService.exe
process.

CVE-2025-26264
GV-ASWeb with version 6.1.2.0 or earlier (fixed in version 6.2.0) contains a Remote Code Execution
(RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System
Settings" privileges in GV-ASWeb may exploit this vulnerability to execute arbitrary commands on the
server, leading to a full system compromise.

Resolution
The reported vulnerabilities have been resolved in software update GV-ASManager V6.2.0,
available for download from GeoVision’s official download page:
https://www.geovision.com.tw/download/p ... 20Control)


If you have any questions or concerns in regards the cybersecurity issue, please contact our
cybersecurity team: security@geovision.com.tw.
Top
Post Reply

Return to “Security Advisory”