GV-ASM-2025-04-01 GV-ASManager & Web Vulnerabilities
Posted: May 21st, 2025, 9:46 am
Release Date: 2025/04/09
Advisory ID
GV-ASM-2025-04-01
CVE ID
CVE-2025-26263
CVE-2025-26264
Affected Product
GV-ASManager V6.1.2.0 or earlier
Security Issue
The reported software has been verified on the following security vulnerabilities
CVE-2025-26263
GV-ASManager Windows desktop application with version 6.1.2.0 or earlier (fixed in version 6.2.0) is
vulnerable to credential disclosure due to improper memory handling in the ASManagerService.exe
process.
CVE-2025-26264
GV-ASWeb with version 6.1.2.0 or earlier (fixed in version 6.2.0) contains a Remote Code Execution
(RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System
Settings" privileges in GV-ASWeb may exploit this vulnerability to execute arbitrary commands on the
server, leading to a full system compromise.
Resolution
The reported vulnerabilities have been resolved in software update GV-ASManager V6.2.0,
available for download from GeoVision’s official download page:
https://www.geovision.com.tw/download/p ... 20Control)
If you have any questions or concerns in regards the cybersecurity issue, please contact our
cybersecurity team: security@geovision.com.tw.