XProtect MIP API Missing Authorization_CVE-2025-0836

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Description

Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.

Basic Information

ID CVE-2025-0836

Source Milestone

Published Dec 16, 2025 at 11:02

Affected Product

Vendor Milestone Systems

Product XProtect VMS

Version 23.1

Affected Versions Milestone Systems XProtect VMS 23.1
Milestone Systems XProtect VMS 23.2
Milestone Systems XProtect VMS 23.3
Milestone Systems XProtect VMS 24.1
Milestone Systems XProtect VMS 24.2
Milestone Systems XProtect VMS 25.1

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.",
    "published": "2025-12-16T11:02:25.199Z",
    "modified": "2025-12-16T11:02:25.199Z",
    "type": "cve",
    "title": "XProtect MIP API Missing Authorization",
    "source": "Milestone",
    "references": "https://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/Milestone_Security_Advisory.html\nhttps://supportcommunity.milestonesys.com/s/article/XProtect-VMS-cumulative-patches-complete-list?language=en_US",
    "id": "CVE-2025-0836",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Milestone Systems XProtect VMS 23.1\nMilestone Systems XProtect VMS 23.2\nMilestone Systems XProtect VMS 23.3\nMilestone Systems XProtect VMS 24.1\nMilestone Systems XProtect VMS 24.2\nMilestone Systems XProtect VMS 25.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "XProtect VMS",
    "version": "23.1",
    "vendor": "Milestone Systems",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}