Security Flaw in Milestone XProtect Installer by Milestone Systems
CVE-2025-1688

5.5MEDIUM

Key Information:

Vendor: Milestone Systems
Status: Xprotect Vms
Vendor: CVE Published:; 15 April 2025

🔔 Create Milestone Systems Vulnerability Alert

What is CVE-2025-1688?

Milestone Systems has identified a security flaw in the Milestone XProtect installer that unintentionally resets the system configuration password during upgrades from specific older versions. This optional safety feature, which helps secure the Management Server, can be compromised, leading to potential unauthorized access. Organizations utilizing the 2024 R1 or 2024 R2 installers should take immediate action to update their system configuration passwords through the GUI to safeguard their installations. Systems that upgraded from the 2023 R3 version or older to the 2025 R1 and later are not impacted by this vulnerability.

Affected Version(s)

XProtect VMS Windows 24.1 <= 24.2

References

https://supportcommunity.milestonesys.com/KBRedir?art=000...

CVSS V4

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Feb 25, 2025

JSON