{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T17:12:36.253","vulnerabilities":[{"cve":{"id":"CVE-2025-1688","sourceIdentifier":"cf45122d-9d50-442a-9b23-e05cde9943d8","published":"2025-04-15T11:15:44.140","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Milestone Systems has discovered a\nsecurity vulnerability in Milestone XProtect installer that resets system\nconfiguration password after the upgrading from older versions using specific\ninstallers.\n\n\n\nThe system configuration\npassword is an additional, optional protection that is enabled on the\nManagement Server.\n\n\nTo mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.\n\n\n\nAny system upgraded with\n2024 R1 or 2024 R2 release installer is vulnerable to this issue.\n\n\n\nSystems upgraded from 2023\nR3 or older with version 2025 R1 and newer are not affected."},{"lang":"es","value":"Milestone Systems ha descubierto una vulnerabilidad de seguridad en el instalador de Milestone XProtect que restablece la contraseña de configuración del sistema tras actualizar desde versiones anteriores con instaladores específicos. La contraseña de configuración del sistema es una protección adicional y opcional que está habilitada en el Servidor de Administración. Para mitigar el problema, recomendamos encarecidamente actualizar la contraseña de configuración del sistema mediante la interfaz gráfica de usuario siguiendo el procedimiento estándar. Cualquier sistema actualizado con el instalador de la versión 2024 R1 o 2024 R2 es vulnerable a este problema. Los sistemas actualizados desde la versión 2023 R3 o anterior con la versión 2025 R1 y posteriores no se ven afectados.\n"}],"metrics":{"cvssMetricV40":[{"source":"cf45122d-9d50-442a-9b23-e05cde9943d8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cf45122d-9d50-442a-9b23-e05cde9943d8","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":3.7}]},"weaknesses":[{"source":"cf45122d-9d50-442a-9b23-e05cde9943d8","type":"Secondary","description":[{"lang":"en","value":"CWE-1394"}]}],"references":[{"url":"https://supportcommunity.milestonesys.com/KBRedir?art=000069835&lang=en_US","source":"cf45122d-9d50-442a-9b23-e05cde9943d8"}]}}]}