CVE-2025-10941 (CNNVD-202509-4005)
中文标题:
Topaz SERVCore Teller 授权问题漏洞
英文标题:
Topaz SERVCore Teller Installer SERVCoreTeller_2.0.40D.msi permission
漏洞描述
中文描述:
Topaz SERVCore Teller是巴西Topaz公司的一个银行服务软件。 Topaz SERVCore Teller 2.14.0-RC2版本和2.14.1版本存在授权问题漏洞,该漏洞源于文件SERVCoreTeller_2.0.40D.msi存在权限问题,可能导致本地攻击。
英文描述:
A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. You should upgrade the affected component. The vendor explains, that "this vulnerability was detected at the beginning of 2025, it was remediated because the latest published version of the installer no longer uses "nssm," which is responsible for this vulnerability".
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Topaz | SERVCore Teller | 2.14.0-RC2 | - | - |
cpe:2.3:a:topaz:servcore_teller:2.14.0-rc2:*:*:*:*:*:*:*
|
| Topaz | SERVCore Teller | 2.14.1 | - | - |
cpe:2.3:a:topaz:servcore_teller:2.14.1:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
CVSS评分详情
4.0 (cna)
HIGHCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
3.1 (cna)
HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C
3.0 (cna)
HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C
2.0 (cna)
MEDIUMAV:L/AC:L/Au:S/C:C/I:C/A:C/E:ND/RL:OF/RC:C
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-10941 |
2025-11-11 15:23:02 | 2025-11-11 07:40:04 |
| NVD | nvd_CVE-2025-10941 |
2025-11-11 15:01:04 | 2025-11-11 07:47:55 |
| CNNVD | cnnvd_CNNVD-202509-4005 |
2025-11-11 15:12:58 | 2025-11-11 08:00:14 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-202509-4005
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']