Description

Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.

INFO

Published Date :

2025-12-16T11:02:25.199Z

Last Modified :

2025-12-16T14:51:38.048Z

Source :

Milestone
AFFECTED PRODUCTS

The following products are affected by CVE-2025-0836 vulnerability.

Vendors Products
Milestone Systems
  • Xprotect Vms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0836.

URL Resource
https://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/Milestone_Security_Advisory.html
https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-cumulative-patches-complete-list?language=en_US cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact