CVE-2025-26263

CVSS 5.1 MEDIUMEPSS 1.3%CWE-200

Vexday Risk Score

33Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 5.1EPSS 1.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

26 Feb 2025Public PoC

28 Feb 2025Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Affected products

n/a · n/a

public PoCs found — 2

githubgithub.com/DRAGOWN/CVE-2025-26263★ 6 exploitdbwww.exploit-db.com/exploits/52423unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/DRAGOWN/CVE-2025-26263 https://www.geovision.com.tw/download/product/GV-ASManager https://www.geovision.com.tw/download/product/GV-ASManager%20%28Access%20Control%29