What is the security vulnerability reported in Elseta's Vinci Protocol Analyzer?

Elseta has reported a critical security vulnerability (CVE-2025-1265) with a CVSS score of 9.9 in their Vinci Protocol Analyzer system. The vulnerability allows remote exploitation and OS command injection leading to privilege escalation that could potentially result in complete system compromise through code execution.

Which versions of Vinci Protocol Analyzer are affected?

All versions of Vinci Protocol Analyzer prior to version 3.2.3.19 are affected by this vulnerability.

Advisory

Elseta reports critical vulnerability in Vinci Protocol Analyzer

published: Feb. 22, 2025

Take action: If you are using Elseta Vinci Protocol Analyzer, make sure it's isolated from the internet and accessible only from trusted networks. Then plan a regular patch process.

Learn More

Elseta is reporting a critical security vulnerability in their Vinci Protocol Analyzer system that could allow attackers to perform privilege escalation and execute arbitrary code on affected systems.

The vulnerability is tracked as CVE-2025-1265 (CVSS score 9.9) and allows remote exploitation, OS command injection leading to privilege escalation that could potentially lead to complete system compromise through code execution

The following Elseta product and versions are affected:

Vinci Protocol Analyzer: Versions prior to 3.2.3.19

Elseta has released a patch and recommends users update to version 3.2.3.19 or later to address this vulnerability.

As of February 20, 2025, CISA reports no known public exploitation targeting this vulnerability.

Elseta reports critical vulnerability in Vinci Protocol Analyzer

Read More
PiiGAB product vulnerable to potentially critical exploits
Siemens warns of vulerabilities in SICAM enabling attackers …
Critical unaithenticated RCE flaws reported in Zenitel TCIV-3+ …
Rockwell Automation fixes critical flaw in AADvance Standalone …
Siemens reports critical flaw in Sentron Powercenter 1000