CVE-2025-10941 HIGH

CVE-2025-10941: Topaz SERVCore Teller Installer SERVCoreTeller_2.0.40D.msi permission

Vendor Topaz
Product SERVCore Teller
Weakness CWE-275
Published September 25, 2025
Last update September 30, 2025

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. You should upgrade the affected component. The vendor explains, that "this vulnerability was detected at the beginning of 2025, it was remediated because the latest published version of the installer no longer uses "nssm," which is responsible for this vulnerability".

Key dates

02Disclosure timeline

September 25, 2025 CVE published
September 30, 2025 Record updated