U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2025-1688

Change History

New CVE Received from Milestone 4/15/2025 7:15:44 AM

Action Type Old Value New Value
Added Description 

								
							
							
								
							
						
								
							
								
Milestone Systems has discovered a
security vulnerability in Milestone XProtect installer that resets system
configuration password after the upgrading from older versions using specific
installers.



The system configuration
password is an additional, optional protection that is enabled on the
Management Server.


To mitigate the issue, we highly recommend updating system configuration password via GUI with a standard procedure.



Any system upgraded with
2024 R1 or 2024 R2 release installer is vulnerable to this issue.



Systems upgraded from 2023
R3 or older with version 2025 R1 and newer are not affected.

								
								
					

					

						Added
						CVSS V4.0
						
							
							
								
							
								

								
							
							
								
							
						
								
							
								
AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

								
								
					

					

						Added
						CVSS V3.1
						
							
							
								
							
								

								
							
							
								
							
						
								
							
								
AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

								
								
					

					

						Added
						CWE
						
							
							
								
							
								

								
							
							
								
							
						
								
							
								
CWE-311

								
								
					

					

						Added
						Reference
						
							
							
								
							
								

								
							
							
								
							
						
								
							
								
https://supportcommunity.milestonesys.com/KBRedir?art=000069835&lang=en_US