Risk Scores
CVSS v4.0
5.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.05%
15.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Milestone Systems | XProtect VMS | 23.1, 23.2, 23.3 |
Timeline
- Jan 29, 2025 CVE ID Reserved
- Dec 16, 2025 EPSS Score
- Dec 16, 2025 CVE Published
- Dec 16, 2025 CVE Updated
- Dec 19, 2025 EPSS Score
- Dec 23, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 2, 2026 EPSS Score
- Jan 5, 2026 EPSS Score
- Jan 9, 2026 EPSS Score
- Jan 12, 2026 EPSS Score
References
- https://supportcommunity.milestonesys.com/s/article/CVE-2025-0836-XProtect-MIP-API-broken-access-control?language=en_US vendor-advisory
- https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-cumulative-patches-complete-list?language=en_US patch
- https://nvd.nist.gov/vuln/detail/CVE-2025-0836 advisory
- https://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/Milestone_Security_Advisory.html url