Skip to main content

Genetec RabbitMQ CVE-2026-25112

| EUVDEUVD-2026-31848 HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2026-05-26 Genetec GHSA-7vxw-69v7-42x7
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 08, 2026 - 10:02 vuln.today
Patch available
May 26, 2026 - 17:02 EUVD

DescriptionCVE.org

A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.

AnalysisAI

Local privilege escalation in Genetec RabbitMQ deployments and multiple dependent Genetec products allows a low-privileged local user to gain high-impact control over confidentiality, integrity, and availability. The flaw stems from incorrect permission assignment (CWE-732) in how Genetec deploys RabbitMQ, with no public exploit identified at time of analysis and an EPSS score of 0.01% indicating minimal predicted exploitation activity. The vendor (Genetec) discovered and disclosed the issue and has released fixed versions across the affected product line.

Technical ContextAI

The vulnerability resides in how Genetec packages and deploys the RabbitMQ message broker - a widely used AMQP messaging service - within its physical security and operations product suite. CPE data confirms impact across at least seven Genetec products that bundle the affected RabbitMQ deployment: Genetec RabbitMQ itself, Mission Control, Sipelia, Industrial IoT, Airport Operational Manager, Restricted Security Area, and Inter-System Gateway. The root cause is CWE-732 (Incorrect Permission Assignment for Critical Resource), meaning files, directories, services, or configuration objects associated with the RabbitMQ deployment are configured with overly permissive ACLs, allowing a local user with limited rights to modify or execute resources reserved for higher-privileged accounts (typically SYSTEM or the RabbitMQ service account).

RemediationAI

Apply the vendor-released patched versions per the Genetec security advisory: upgrade Genetec RabbitMQ to 3.13.7.19 or later, Mission Control to 3.4.1.0+, Sipelia to 2.11+, Industrial IoT to 6.0.196.0+ (or 5.5.118.0+ on the 5.x branch), Airport Operational Manager to 1.6+, Restricted Security Area to 5.2.1+, and Inter-System Gateway to 1.2+. Full details and downloads are available at https://resources.genetec.com/security-advisories/vulnerability-affecting-rabbitmq-deployment-in-genetec-products. Until patching is complete, compensating controls should focus on the local attack vector: restrict interactive and remote desktop logon to Genetec servers to administrators only (which prevents low-privileged users from reaching the vulnerable resource but breaks any operator workflows that require local console access), audit and tighten NTFS/service ACLs on the RabbitMQ installation directory and service configuration (side effect: may interfere with Genetec service startup if applied incorrectly - test in staging), and ensure endpoint detection is monitoring for unusual child processes spawned by RabbitMQ or Genetec service accounts.

Share

CVE-2026-25112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy