How severe is CVE-2025-1688?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2025-1688?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2025-1688 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the Management Server. To mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure. Any system upgraded with 2024 R1 or 2024 R2 release installer is vulnerable to this issue. Systems upgraded from 2023 R3 or older with version 2025 R1 and newer are not affected.

Related Vulnerabilities

CVE-2010-3292

MEDIUM

CVSS:5.5(Medium)

The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to ...

CWE-3112010

CVE-2012-5474

MEDIUM

CVSS:5.5(Medium)

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret k...

CWE-3112012

CVE-2018-6975

MEDIUM

CVSS:5.5(Medium)

The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.

CWE-3112018

CVE-2019-15704

MEDIUM

CVSS:5.5(Medium)

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SS...

CWE-3112019

CVE-2019-16206

MEDIUM

CVSS:5.5(Medium)

The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker ...

CWE-3112019

CVE-2019-16210

MEDIUM

CVSS:5.5(Medium)

Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.

CWE-3112019