
CVE-2025-0836: CWE-862 Missing Authorization in Milestone Systems XProtect VMS

Severity: Medium
Published: Tue Dec 16 2025 (12/16/2025, 11:02:25 UTC)
Source: CVE Database V5
Vendor/Project: Milestone Systems
Product: XProtect VMS

Description

Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.

AI-Powered Analysis

Last updated: 12/16/2025, 11:24:43 UTC

Technical Analysis

CVE-2025-0836 is a Missing Authorization vulnerability (CWE-862) in Milestone Systems XProtect Video Management System (VMS), versions 23.1 through 25.1. The Management Server does not enforce authorization checks on the MIP Webhooks API, so a user whose account is limited to read-only access to the Management Server obtains full read/write access to that API. The API is used to integrate and automate external systems with XProtect; unauthorized write access could let an attacker manipulate webhook configurations, potentially disrupting video surveillance workflows or injecting malicious commands. The vulnerability is exploitable over the network without user interaction and requires no privileges beyond read-only access, which raises its risk profile. The CVSS v4.0 score of 5.3 (medium) reflects the ease of exploitation weighed against the potential impact on system integrity and availability. No public exploits are known at this time, but because the affected versions of XProtect VMS are widely deployed, the flaw is a concern for organizations that rely on the platform for security monitoring and surveillance.

Potential Impact

For European organizations, the impact of this vulnerability could be significant, especially for entities relying on XProtect VMS for critical security and surveillance operations such as airports, transportation hubs, government facilities, and large enterprises. Unauthorized write access to the MIP Webhooks API could allow attackers to alter webhook configurations, disable alerts, or inject malicious payloads that disrupt video monitoring or data collection. This could lead to loss of situational awareness, delayed incident response, or manipulation of recorded evidence, undermining physical security and compliance with data protection regulations like GDPR. Additionally, the integrity of security event data could be compromised, affecting forensic investigations. The vulnerability's exploitation could also serve as a foothold for further lateral movement within the network, increasing overall risk exposure.

Mitigation Recommendations

Organizations should prioritize deploying patches or updates from Milestone Systems as soon as they become available to address this authorization flaw. In the interim, administrators should audit and restrict read-only user permissions, ensuring that such accounts do not have access to sensitive API endpoints like MIP Webhooks. Network segmentation and firewall rules should be applied to limit access to the Management Server and its APIs to trusted hosts and users only. Implementing strong authentication and monitoring API usage logs for unusual activity can help detect exploitation attempts. Additionally, organizations should review webhook configurations regularly and employ anomaly detection to identify unauthorized changes. Engaging with Milestone support for guidance on temporary workarounds or configuration changes to mitigate risk is also recommended.


Technical Details

Data Version
5.2
Assigner Short Name
Milestone
Date Reserved
2025-01-29T13:24:34.734Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 69413e06b7167ed5be6e7a75

Added to database: 12/16/2025, 11:09:58 AM

Last enriched: 12/16/2025, 11:24:43 AM

Last updated: 12/16/2025, 12:22:43 PM
