Privilege escalation vulnerability affecting RabbitMQ deployment in Genetec products

May 25, 2026

A security vulnerability affecting RabbitMQ deployed with certain Genetec product installations has been identified. The affected installations are listed below. There is currently no evidence that this vulnerability has been exploited.

The identified issue is a privilege escalation vulnerability in the way RabbitMQ is deployed as part of Genetec product environments. Under specific conditions, someone with local access to the machine could gain higher-level permissions than intended.

Risk assessment

The vulnerability (CVE-2026-25112) affects deployments that use Genetec-provided RabbitMQ. Successful exploitation requires local access to the machine hosting the RabbitMQ node and could allow an attacker to gain elevated privileges beyond those intended. The CVSS v3.1 base score for this vulnerability is 7.8 (High).

Details

The operation of RabbitMQ depends on a diagnostic utility. If the environment includes unexpected or untrusted items in locations where a legitimate diagnostic utility is expected, the service may inadvertently rely on that untrusted component. 

Because RabbitMQ runs with elevated privileges, this can grant undue authority to the untrusted component, increasing system risk.

This issue affects deployments using Genetec-provided RabbitMQ 3.13.7.3 and earlier. See the table of affected products below.

Recommendation

For new deployments, Genetec-provided RabbitMQ 3.13.7.19 is available. New deployments can use the Genetec-provided RabbitMQ 3.13.7.19 standalone installer safely without needing to run the mitigation utility.

For existing deployments, customers running an affected version should execute the mitigation utility available in GTAP as soon as possible.

  • Find and download the utility tool SecurityUtility_CVE-2026-25112_RabbitMQ.exe from the Security Center Product Download page of GTAP. 
  • Run the utility tool on the machine on which RabbitMQ is installed. Administrator privileges are required.

Workarounds

If customers cannot apply the mitigation utility in a timely fashion, they should restrict access to the following folder to admin users: 

ProgramData\Genetec\RabbitMQ
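
To check whether the workaround is in effect, the following audit lists every principal outside a trusted list that holds write-capable rights on the folder or anything beneath it. It is an added example, not a Genetec tool. It assumes the folder sits under the machine's ProgramData directory and that BUILTIN\Administrators and SYSTEM are the "admin users" meant above; the function name Get-UntrustedWriteAce is hypothetical.

```powershell
# Added example: audit only, changes nothing. Run from an elevated prompt.
# Assumption: the folder is under the machine's ProgramData directory.
$root = Join-Path $env:ProgramData 'Genetec\RabbitMQ'

# Assumption: these well-known SIDs stand for the "admin users" in the workaround.
# Add the RabbitMQ service account's SID if it runs under another identity.
$trusted = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-18'        # NT AUTHORITY\SYSTEM
)

# Rights that allow adding, replacing or deleting content, or rewriting the ACL.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Some ACEs carry generic rights instead: GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$genericBits = 0x50000000

function Get-UntrustedWriteAce {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        $rights = [int]$ace.FileSystemRights
        if (-not ($rights -band ($writeBits -bor $genericBits))) { continue }
        # Resolve the SID to a name for the report; keep the raw SID if that fails.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }
        [pscustomobject]@{
            Path      = $Path
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $root)) {
    Write-Warning "Folder not found: $root"
} else {
    $targets = @($root) + @(Get-ChildItem -LiteralPath $root -Recurse -Force | ForEach-Object FullName)
    $findings = foreach ($t in $targets) { Get-UntrustedWriteAce -Path $t }
    if ($findings) { $findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap }
    else { Write-Output "No write-capable ACEs for principals outside the trusted list under $root" }
}
```

Rows marked Inherited come from a parent folder's ACL, so restricting the folder itself means dealing with inheritance and not only removing explicit entries.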

Affected products

| Product | Affected | Patched version | Existing deployment |
| --- | --- | --- | --- |
| Genetec-provided RabbitMQ | yes | 3.13.7.19 and later | Apply SecurityUtility_CVE-2026-25112_RabbitMQ.exe |
| Genetec Mission Control | yes | 3.4.1.0 and later | Apply SecurityUtility_CVE-2026-25112_RabbitMQ.exe |
| Genetec Industrial IoT (IIoT) — 5.x line | yes | 5.5.118.0 and later | Apply SecurityUtility_CVE-2026-25112_RabbitMQ.exe |
| Genetec Industrial IoT (IIoT) — 6.x line | yes | 6.0.196.0 and later | Apply SecurityUtility_CVE-2026-25112_RabbitMQ.exe |
| Genetec Airport Operational Manager (AOM) | yes | 1.6 and later | Apply SecurityUtility_CVE-2026-25112_RabbitMQ.exe |
| Genetec Restricted Security Area (RSA) Surveillance | yes | 5.2.1 and later | Apply SecurityUtility_CVE-2026-25112_RabbitMQ.exe |
| Genetec Inter-System (IS) Gateway | yes | 1.2 and later | Apply SecurityUtility_CVE-2026-25112_RabbitMQ.exe |
| Sipelia | yes | 2.11 and later. RabbitMQ no longer used starting from v2.11 | Apply SecurityUtility_CVE-2026-25112_RabbitMQ.exe |
| All other Genetec products | no | | |

For more information or assistance, please log in to the Genetec Technical Assistance Portal (GTAP) to open a support case.