CVE-2026-25112
Description
A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A privilege escalation vulnerability in Genetec-provided RabbitMQ 3.13.7.3 and earlier allows local attackers to gain elevated privileges via an untrusted diagnostic utility.
Vulnerability
A privilege escalation vulnerability (CVE-2026-25112) exists in the deployment of RabbitMQ supplied by Genetec for use with Genetec products. The issue affects deployments using Genetec-provided RabbitMQ version 3.13.7.3 and earlier [1][2]. The RabbitMQ service depends on a diagnostic utility; if the environment contains unexpected or untrusted items in locations where the legitimate diagnostic utility is expected, the service may inadvertently rely on that untrusted component [1][2].
Exploitation
Successful exploitation requires local access to the machine hosting the RabbitMQ node [1][2]. An attacker with local access can place an untrusted component in a location where RabbitMQ expects the legitimate diagnostic utility. Because RabbitMQ runs with elevated privileges, the service may inadvertently execute the untrusted component, granting the attacker undue authority [1][2].
Impact
An attacker who successfully exploits this vulnerability gains elevated privileges beyond those intended [1][2]. The CVSS v3.1 base score is 7.8 (High). The attacker can achieve privilege escalation, potentially compromising the system's confidentiality, integrity, or availability depending on the privileges obtained [1][2].
Mitigation
Genetec has released RabbitMQ 3.13.7.19 for new deployments, which can be used safely without additional mitigation [1][2]. For existing deployments running affected versions, customers should execute the mitigation utility SecurityUtility_CVE-2026-25112_RabbitMQ.exe, available in GTAP, on the RabbitMQ host machine with administrator privileges [2]. If the utility cannot be applied, workarounds may be available in the advisory [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.