CVE-2025-1688 — MEDIUM (5.5)

Vulnerability Description

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the Management Server. To mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure. Any system upgraded with 2024 R1 or 2024 R2 release installer is vulnerable to this issue. Systems upgraded from 2023 R3 or older with version 2025 R1 and newer are not affected.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Related Weaknesses (CWE)

CWE-1394

References

https://supportcommunity.milestonesys.com/KBRedir?art=000069835&lang=en_US

FAQ

What is CVE-2025-1688?

CVE-2025-1688 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. ...

How severe is CVE-2025-1688?

CVE-2025-1688 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-1688?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.