DEV Community

Mark0

SEC Consult SA-20260608-0 :: Privilege Escalation via Binary Planting in Genetec-provided RabbitMQ in multiple Genetec products

A critical local privilege escalation vulnerability (CVE-2026-25112) has been identified in the RabbitMQ component shipped with several Genetec products. The root cause is an insecure ACL on C:\ProgramData\Genetec\RabbitMQ, which is writable by any authenticated user. The erl.exe process, running as LOCAL SERVICE, attempts to execute a file named handle.exe from this directory even though no such file is installed there, so any local user can plant a binary of that name and have it run in the service's security context.

Because LOCAL SERVICE holds SeImpersonatePrivilege, code running as that account can be escalated to SYSTEM with well-known impersonation techniques such as the "Rotten Potato" family of attacks. Genetec has released patches and a dedicated mitigation utility for the affected product lines, including Mission Control, Industrial IoT, and Sipelia. Users are advised either to apply the updates or to manually restrict write access to the vulnerable directory.
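The following PowerShell script is an added example written for this summary; it is not the SEC Consult proof of concept and not Genetec's mitigation utility, which remains the supported fix. It audits the directory named in the advisory for ACEs that let low-privilege principals create or replace files, reports whether a handle.exe has already been dropped there, and can optionally strip the offending ACEs. The list of low-privilege principals and the rights treated as "plantable" are my own assumptions; the directory path comes from the advisory.

```powershell
# Added example (not from the SEC Consult advisory or Genetec).
# Audit C:\ProgramData\Genetec\RabbitMQ for binary-planting conditions and,
# with -Remediate, remove write access for low-privilege principals.
# Run from an elevated PowerShell session.

$script:RabbitDir = 'C:\ProgramData\Genetec\RabbitMQ'

# Assumption: principals that must never be able to create or modify files in a
# directory from which a LOCAL SERVICE process loads an executable.
$script:LowPrivPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)

# Rights that allow dropping, replacing, deleting or re-permissioning a file.
# Read-type bits are deliberately excluded so read-only ACEs are not flagged.
$script:PlantRights = [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
    [System.Security.AccessControl.FileSystemRights]::AppendData -bor
    [System.Security.AccessControl.FileSystemRights]::Delete -bor
    [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
    [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
    [System.Security.AccessControl.FileSystemRights]::TakeOwnership

function Get-PlantableAce {
    # Returns the Allow ACEs on $Path that grant a low-privilege principal
    # any of the rights in $PlantRights. Note: generic-right ACEs
    # (GENERIC_WRITE etc.) show up as negative integers and are matched by
    # the [int] cast, but they are rare on ProgramData subfolders.
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        $grantsWrite = ([int]$ace.FileSystemRights -band [int]$script:PlantRights) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
            ($script:LowPrivPrincipals -contains $ace.IdentityReference.Value)) {
            [pscustomobject]@{
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Test-PlantedHandleExe {
    # The advisory's planting target: a handle.exe that the installer never
    # ships. If one exists here, treat it as an indicator of compromise and
    # report owner and signature before deciding whether to remove it.
    param([Parameter(Mandatory)][string]$Path)

    $candidate = Join-Path -Path $Path -ChildPath 'handle.exe'
    if (-not (Test-Path -LiteralPath $candidate -PathType Leaf)) { return $null }

    $sig = Get-AuthenticodeSignature -FilePath $candidate
    [pscustomobject]@{
        File      = $candidate
        Owner     = (Get-Acl -LiteralPath $candidate).Owner
        Sha256    = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    }
}

function Invoke-RabbitDirAudit {
    param(
        [string]$Path = $script:RabbitDir,
        [switch]$Remediate
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "$Path not found on this host; nothing to audit."
        return
    }

    $planted = Test-PlantedHandleExe -Path $Path
    if ($planted) {
        Write-Warning "handle.exe is present in $Path (not installed by the product):"
        $planted | Format-List | Out-String | Write-Warning
    }

    $bad = @(Get-PlantableAce -Path $Path)
    if ($bad.Count -eq 0) {
        Write-Output "No low-privilege write ACEs on $Path."
        return
    }

    Write-Warning "Low-privilege principals can write to ${Path}:"
    $bad | Format-Table -AutoSize | Out-String | Write-Warning

    if (-not $Remediate) { return }

    # Inherited ACEs cannot be removed directly: break inheritance while
    # preserving the current ACEs as explicit entries, then drop the bad ones.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $Path -AclObject $acl

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in @($acl.Access)) {
        if ($ace.AccessControlType -eq 'Allow' -and
            ($script:LowPrivPrincipals -contains $ace.IdentityReference.Value) -and
            (([int]$ace.FileSystemRights -band [int]$script:PlantRights) -ne 0)) {
            $null = $acl.RemoveAccessRule($ace)
            Write-Output "Removed $($ace.FileSystemRights) for $($ace.IdentityReference.Value)"
        }
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
    Write-Output "ACL on $Path hardened; re-run without -Remediate to verify."
}

# Report only:
Invoke-RabbitDirAudit
# Report and fix (prefer the vendor patch or mitigation utility where available):
# Invoke-RabbitDirAudit -Remediate
```

Breaking inheritance is what makes the fix stick: C:\ProgramData grants Users create-file rights that flow down to subfolders, so removing an explicit ACE alone would leave the inherited one in place. After remediation, confirm the RabbitMQ service still starts, since it needs LOCAL SERVICE (not Users) to retain write access to this directory.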
