CVE-2025-10941 is a high-severity vulnerability identified in Topaz SERVCore Teller versions 2.14.0-RC2 and 2.14.1. The vulnerability resides in the Installer component, specifically within the file SERVCoreTeller_2.0.40D.msi. The issue involves permission misconfigurations or manipulation that can be exploited locally by an attacker with limited privileges (low privileges required) to escalate permissions or perform unauthorized actions. The vulnerability does not require user interaction and has low attack complexity, but it requires local access to the affected system. The CVSS 4.0 vector indicates high impact on confidentiality, integrity, and availability, meaning successful exploitation could lead to significant compromise of the system. The vendor was contacted but did not respond, and no patches or mitigations have been publicly released yet. There are no known exploits in the wild at this time. The vulnerability is critical for environments where SERVCore Teller is deployed, as it could allow an attacker to gain elevated privileges and potentially control or disrupt teller operations or sensitive financial data processing.

For European organizations, particularly financial institutions using Topaz SERVCore Teller, this vulnerability poses a significant risk. The ability for a local attacker to escalate privileges could lead to unauthorized access to sensitive financial transaction data, manipulation of teller operations, or disruption of banking services. This could result in financial losses, regulatory non-compliance (e.g., GDPR breaches due to data exposure), reputational damage, and operational downtime. Given the critical nature of financial services in Europe and strict regulatory environments, exploitation could trigger investigations and fines. Additionally, insider threats or compromised internal systems could leverage this vulnerability to expand their access, increasing the risk of insider fraud or sabotage.

Since no official patch is available, European organizations should implement strict access controls to limit local access to systems running SERVCore Teller. This includes enforcing the principle of least privilege, ensuring only authorized personnel have local login rights. Employ endpoint detection and response (EDR) solutions to monitor for suspicious privilege escalation attempts. Regularly audit installed software versions and configurations to identify vulnerable instances. Network segmentation should isolate teller systems from general user workstations to reduce attack surface. If possible, deploy application whitelisting to prevent unauthorized execution of manipulated installer files. Organizations should also engage with Topaz for updates and monitor security advisories for patches. In the interim, consider temporary compensating controls such as enhanced logging and alerting on installer execution or permission changes related to SERVCore Teller components.