Milestone Systems XProtect Password Reset Vulnerability

Vulnerability

A vulnerability exists in the Milestone XProtect installer: when a system is upgraded from an older version using certain installers, the installer resets the system configuration password. This password is an optional security feature on the Management Server. Systems upgraded with the 2024 R1 or 2024 R2 release installer are vulnerable, while those upgraded from 2023 R3 or earlier with version 2025 R1 or newer are not affected.

Impact

The vulnerability leads to an unauthorized reset of the system configuration password, potentially allowing unauthorized access to password-protected backups.

Remediation

Users are advised to update the system configuration password through the Milestone XProtect GUI. For those who have upgraded to XProtect 2024 R1 or R2, it is recommended to update to XProtect 2025 R1.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 0.6
exploitability: 4.0
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.