Sign-up

ID

VAR-202502-2307


CVE

CVE-2025-26263


TITLE

GeoVision ASManager Windows Application Credential Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-20223

DESCRIPTION

GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process. GeoVision ASManager (GV-ASManager) is an access control system developed by GeoVision, a Chinese company. An attacker could exploit this vulnerability to obtain sensitive information

Trust: 1.44

sources: NVD: CVE-2025-26263 // CNVD: CNVD-2025-20223

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20223

AFFECTED PRODUCTS

vendor:geovisionmodel:asmanager windows applicationscope:lteversion:<=6.1.2.0

Trust: 0.6

sources: CNVD: CNVD-2025-20223

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-26263
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-20223
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-20223
severity: MEDIUM
baseScore: 5.0
vectorString: AV:L/AC:L/AU:M/C:C/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-26263
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-20223 // NVD: CVE-2025-26263

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

sources: NVD: CVE-2025-26263

EXTERNAL IDS

db:NVDid:CVE-2025-26263

Trust: 1.6

db:CNVDid:CNVD-2025-20223

Trust: 0.6

sources: CNVD: CNVD-2025-20223 // NVD: CVE-2025-26263

REFERENCES

url:https://www.geovision.com.tw/download/product/gv-asmanager

Trust: 1.0

url:https://github.com/dragown/cve-2025-26263

Trust: 1.0

url:https://www.geovision.com.tw/download/product/gv-asmanager%20%28access%20control%29

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-26263

Trust: 0.6

sources: CNVD: CNVD-2025-20223 // NVD: CVE-2025-26263

SOURCES

db:CNVDid:CNVD-2025-20223
db:NVDid:CVE-2025-26263

LAST UPDATE DATE

2025-09-07T22:54:40.008000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-20223date:2025-09-04T00:00:00
db:NVDid:CVE-2025-26263date:2025-03-19T14:15:39.293

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-20223date:2025-09-04T00:00:00
db:NVDid:CVE-2025-26263date:2025-02-28T16:15:40.127