Critical security vulnerability affecting the ALPR Manager role of Security Center

October 30, 2025 

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec™ Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild. 

Risk assessment  

This vulnerability (CVE-2025-43027) affects an endpoint used by Genetec Patroller™ to communicate with the ALPR Manager role. Successful exploitation could allow an attacker to log in as an administrator on the system. The CVSS v3.1 base score for this vulnerability is 9.8 (Critical).

Details 

The ALPR Manager has been enabled by default on all Security Center instances since version 5.11.0.0, even when the AutoVu™ module is not licensed or in use. As a result, all Security Center instances as of 5.11.0.0 are impacted unless the ALPR Manager role has been manually disabled. 

Recommendation 

Customers running an affected version of Security Center should apply the latest update as soon as possible.  

Customers not using AutoVu ALPR should deactivate the ALPR Manager role. 

Workarounds 

If the ALPR Manager role must be used and the Security Center instance cannot be updated promptly, the system administrator should reduce exposure to the system. This can be done by restricting network access to trusted sources and enforcing secure connectivity measures, such as VPN or equivalent controls. 

Affected products 

For more information or assistance, please log in to the Genetec Technical Assistance Portal (GTAP) to open a support case.