CVE-2025-26264 · HIGH 8.8 · EPSS p96.8%

Description

GeoVision GV-ASWeb version 6.1.2.0 or earlier (fixed in 6.2.0) contains a Remote Code Execution (RCE) vulnerability in its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to full system compromise.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 18.03% probability of exploitation · percentile 96.8% · 2026-06-18T12:00:27Z
Published: 2025-02-27
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-94

References

  1. https://github.com/DRAGOWN/CVE-2025-26264
  2. https://www.geovision.com.tw/download/product/GV-ASManager%20%28Access%20Control%29

Type: Weakness
Target: Improper Control of Generation of Code ('Code Injection') (cwe-94)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-7841
  2. CVE: CVE-2026-42370
  3. CVE: CVE-2026-2586
  4. CVE: GeoVision Devices OS Command Injection Vulnerability
  5. CVE: CVE-2026-42364
  6. CVE: CVE-2026-20764

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.