{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1688", "assignerOrgId": "cf45122d-9d50-442a-9b23-e05cde9943d8", "state": "PUBLISHED", "assignerShortName": "Milestone", "dateReserved": "2025-02-25T11:00:41.371Z", "datePublished": "2025-04-15T10:13:51.549Z", "dateUpdated": "2025-04-15T13:00:12.628Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "XProtect VMS", "vendor": "Milestone Systems", "versions": [{"lessThanOrEqual": "24.2", "status": "affected", "version": "24.1", "versionType": "custom"}]}], "datePublic": "2025-04-15T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Milestone Systems has discovered a\nsecurity vulnerability in Milestone XProtect installer that resets system\nconfiguration password after the upgrading from older versions using specific\ninstallers.<br>\n\n<br>The system configuration\npassword is an additional, optional protection that is enabled on the\nManagement Server.<br>\n\nTo mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.<br>\n\n<br>Any system upgraded with\n2024 R1 or 2024 R2 release installer is vulnerable to this issue.<br>\n\n<br>Systems upgraded from 2023\nR3 or older with version 2025 R1 and newer are not affected.<br>"}], "value": "Milestone Systems has discovered a\nsecurity vulnerability in Milestone XProtect installer that resets system\nconfiguration password after the upgrading from older versions using specific\ninstallers.\n\n\n\nThe system configuration\npassword is an additional, optional protection that is enabled on the\nManagement Server.\n\n\nTo mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.\n\n\n\nAny system upgraded with\n2024 R1 or 2024 R2 release installer is vulnerable to this issue.\n\n\n\nSystems upgraded from 2023\nR3 or older with version 2025 R1 and newer are not affected."}], "impacts": [{"capecId": "CAPEC-620", "descriptions": [{"lang": "en", "value": "CAPEC-620 Drop Encryption Level"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.5, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311 Missing Encryption of Sensitive Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cf45122d-9d50-442a-9b23-e05cde9943d8", "shortName": "Milestone", "dateUpdated": "2025-04-15T10:18:28.979Z"}, "references": [{"url": "https://supportcommunity.milestonesys.com/KBRedir?art=000069835&lang=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To mitigate the issue, we highly recommend updating system configuration password with following procedure: \n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://doc.milestonesys.com/latest/en-US/standard_features/sf_mc/sf_maintenance/mc_backingupandrestoring.htm?Highlight=System%20configuration%20password%20(explained)#Changethesystemconfigurationpasswordsettings\">Backing up and restoring system configuration - XProtect VMS products | Milestone Documentation 2024 R2</a>"}], "value": "To mitigate the issue, we highly recommend updating system configuration password with following procedure: \n\n Backing up and restoring system configuration - XProtect VMS products | Milestone Documentation 2024 R2 https://doc.milestonesys.com/latest/en-US/standard_features/sf_mc/sf_maintenance/mc_backingupandrestoring.htm"}], "source": {"discovery": "INTERNAL"}, "title": "System configuration password reset", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T12:59:59.303030Z", "id": "CVE-2025-1688", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T13:00:12.628Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1688", "assignerOrgId": "cf45122d-9d50-442a-9b23-e05cde9943d8", "state": "PUBLISHED", "assignerShortName": "Milestone", "dateReserved": "2025-02-25T11:00:41.371Z", "datePublished": "2025-04-15T10:13:51.549Z", "dateUpdated": "2025-04-15T13:00:12.628Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "XProtect VMS", "vendor": "Milestone Systems", "versions": [{"lessThanOrEqual": "24.2", "status": "affected", "version": "24.1", "versionType": "custom"}]}], "datePublic": "2025-04-15T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Milestone Systems has discovered a\nsecurity vulnerability in Milestone XProtect installer that resets system\nconfiguration password after the upgrading from older versions using specific\ninstallers.<br>\n\n<br>The system configuration\npassword is an additional, optional protection that is enabled on the\nManagement Server.<br>\n\nTo mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.<br>\n\n<br>Any system upgraded with\n2024 R1 or 2024 R2 release installer is vulnerable to this issue.<br>\n\n<br>Systems upgraded from 2023\nR3 or older with version 2025 R1 and newer are not affected.<br>"}], "value": "Milestone Systems has discovered a\nsecurity vulnerability in Milestone XProtect installer that resets system\nconfiguration password after the upgrading from older versions using specific\ninstallers.\n\n\n\nThe system configuration\npassword is an additional, optional protection that is enabled on the\nManagement Server.\n\n\nTo mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.\n\n\n\nAny system upgraded with\n2024 R1 or 2024 R2 release installer is vulnerable to this issue.\n\n\n\nSystems upgraded from 2023\nR3 or older with version 2025 R1 and newer are not affected."}], "impacts": [{"capecId": "CAPEC-620", "descriptions": [{"lang": "en", "value": "CAPEC-620 Drop Encryption Level"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.5, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311 Missing Encryption of Sensitive Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cf45122d-9d50-442a-9b23-e05cde9943d8", "shortName": "Milestone", "dateUpdated": "2025-04-15T10:18:28.979Z"}, "references": [{"url": "https://supportcommunity.milestonesys.com/KBRedir?art=000069835&lang=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To mitigate the issue, we highly recommend updating system configuration password with following procedure: \n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://doc.milestonesys.com/latest/en-US/standard_features/sf_mc/sf_maintenance/mc_backingupandrestoring.htm?Highlight=System%20configuration%20password%20(explained)#Changethesystemconfigurationpasswordsettings\">Backing up and restoring system configuration - XProtect VMS products | Milestone Documentation 2024 R2</a>"}], "value": "To mitigate the issue, we highly recommend updating system configuration password with following procedure: \n\n Backing up and restoring system configuration - XProtect VMS products | Milestone Documentation 2024 R2 https://doc.milestonesys.com/latest/en-US/standard_features/sf_mc/sf_maintenance/mc_backingupandrestoring.htm"}], "source": {"discovery": "INTERNAL"}, "title": "System configuration password reset", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1688", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-15T12:59:59.303030Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T13:00:07.365Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Milestone Systems has discovered a\nsecurity vulnerability in Milestone XProtect installer that resets system\nconfiguration password after the upgrading from older versions using specific\ninstallers.\n\n\n\nThe system configuration\npassword is an additional, optional protection that is enabled on the\nManagement Server.\n\n\nTo mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.\n\n\n\nAny system upgraded with\n2024 R1 or 2024 R2 release installer is vulnerable to this issue.\n\n\n\nSystems upgraded from 2023\nR3 or older with version 2025 R1 and newer are not affected."}], "id": "CVE-2025-1688", "lastModified": "2025-04-15T18:39:27.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 3.7, "source": "cf45122d-9d50-442a-9b23-e05cde9943d8", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cf45122d-9d50-442a-9b23-e05cde9943d8", "type": "Secondary"}]}, "published": "2025-04-15T11:15:44.140", "references": [{"source": "cf45122d-9d50-442a-9b23-e05cde9943d8", "url": "https://supportcommunity.milestonesys.com/KBRedir?art=000069835&lang=en_US"}], "sourceIdentifier": "cf45122d-9d50-442a-9b23-e05cde9943d8", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "cf45122d-9d50-442a-9b23-e05cde9943d8", "type": "Secondary"}]}

{}