
CVE-2025-10941: Permission Issues in Topaz SERVCore Teller

Severity: High
Type: Vulnerability
Published: Thu Sep 25 2025 (09/25/2025, 11:02:05 UTC)
Source: CVE Database V5
Vendor/Project: Topaz
Product: SERVCore Teller

Description

A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. You should upgrade the affected component. The vendor explains that "this vulnerability was detected at the beginning of 2025, it was remediated because the latest published version of the installer no longer uses 'nssm,' which is responsible for this vulnerability".

AI-Powered Analysis

Last updated: 10/03/2025, 00:27:07 UTC

Technical Analysis

CVE-2025-10941 is a high-severity vulnerability identified in Topaz SERVCore Teller versions 2.14.0-RC2 and 2.14.1, specifically related to the Installer component within the SERVCoreTeller_2.0.40D.msi file. The vulnerability arises from permission issues caused by the use of "nssm" (Non-Sucking Service Manager), a service manager utility that was part of the installer. This flaw allows a local attacker with low privileges to manipulate the installer in a way that escalates permissions, potentially granting higher access rights than intended. The attack requires local access to the affected system, meaning remote exploitation is not feasible without prior access. The vendor has addressed this vulnerability by removing the dependency on "nssm" in the latest installer versions, effectively mitigating the issue. The CVSS 4.0 base score of 8.5 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. The attacker does not need elevated privileges to start the attack but does need local access, which limits the attack vector to insiders or users with some system access. No known exploits are currently reported in the wild, but the potential for privilege escalation makes this a significant risk in environments where SERVCore Teller is deployed.

Potential Impact

For European organizations using Topaz SERVCore Teller, particularly in financial or banking sectors where this software is likely deployed, this vulnerability poses a significant risk. An attacker with local access could exploit the permission issues to escalate privileges, potentially gaining unauthorized access to sensitive financial data or critical system functions. This could lead to data breaches, manipulation of transaction records, or disruption of teller operations. The impact on confidentiality is high due to possible unauthorized data access; integrity is at risk because of potential unauthorized modifications; and availability could be affected if the attacker disrupts service components. Given the local attack vector, insider threats or compromised endpoints within the organization's network are the primary concern. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially in environments with less stringent internal access controls.

Mitigation Recommendations

European organizations should prioritize upgrading to the latest version of the SERVCore Teller installer that no longer uses "nssm" to eliminate this vulnerability. In addition, organizations should enforce strict local access controls and monitoring to detect and prevent unauthorized local access attempts. Implementing endpoint security solutions that can detect privilege escalation attempts and anomalous installer manipulations is recommended. Regular audits of user permissions and system logs can help identify suspicious activities early. Network segmentation to isolate teller systems and restrict access to only authorized personnel will reduce the attack surface. Since the vulnerability requires local access, strengthening physical security and endpoint hardening measures is critical. Finally, organizations should maintain an incident response plan tailored to privilege escalation incidents to respond swiftly if exploitation is suspected.
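As a starting point for the permission audit recommended above, the following PowerShell is an added example, not vendor or project code. It lists Windows services started through nssm.exe and reports which principals other than SYSTEM, Administrators and TrustedInstaller can modify the wrapper or the program it launches. It assumes the "permission issues" involve weak file ACLs, which the advisory does not confirm; the function names are illustrative.

```powershell
# Added example (not vendor code). Assumption: "permission issues" is read as
# weak file ACLs on the nssm wrapper or on the program it launches.
$trustedSids = @(
    'S-1-5-18',        # LocalSystem
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

function Get-ServiceExecutable([string]$PathName) {
    # A service command line is either quoted or ends its path at the first ".exe".
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Get-UntrustedWriters([string]$File) {
    if (-not $File -or -not (Test-Path -LiteralPath $File)) { return @() }
    foreach ($rule in (Get-Acl -LiteralPath $File).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$rule.FileSystemRights
        # 0x50000000 = GENERIC_WRITE | GENERIC_ALL, which Get-Acl leaves unmapped.
        if (-not (($rights -band [int]$writeMask) -or ($rights -band 0x50000000))) { continue }
        try { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $null }   # identity cannot be resolved: report it as untrusted
        if ($trustedSids -notcontains $sid) { $rule.IdentityReference.Value }
    }
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $exe = Get-ServiceExecutable $_.PathName
    if (-not $exe -or (Split-Path -Leaf $exe) -ne 'nssm.exe') { return }
    # nssm records the wrapped program in the service's Parameters registry key.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
    $app = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Application
    [pscustomobject]@{
        Service        = $_.Name
        RunsAs         = $_.StartName
        Wrapper        = $exe
        WrapperWriters = (Get-UntrustedWriters $exe) -join '; '
        Application    = $app
        AppWriters     = (Get-UntrustedWriters $app) -join '; '
    }
}
```

Run it from an elevated prompt on teller endpoints; any row with a non-empty `WrapperWriters` or `AppWriters` column marks a host to upgrade and re-permission first.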


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-25T05:44:37.750Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 68d523a21c4cbdeab7737b7c

Added to database: 9/25/2025, 11:12:34 AM

Last enriched: 10/3/2025, 12:27:07 AM

Last updated: 11/7/2025, 5:58:01 AM
