CVE-2026-13125
Status: Received - Intake

Unauthenticated WebSocket API Access in GeoWebPlayer

Vulnerability report for CVE-2026-13125, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an add-on that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a WebSocket server that expands the capabilities of the web interfaces provided by the GeoVision software and may be necessary for them to function properly. No authentication is required to access the WebSocket server. As a result, any malicious website can attempt to open a connection to the server and potentially access sensitive APIs. In particular, it is possible to call a combination of the `create` method and `getScreenCapture` to retrieve the content of the user's screen.


Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-02
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

One associated CPE:

Vendor: geovision
Product: geowebplayer
Version / Range: 1.1.1.0

Exploitability

CWE ID: CWE-306
Description: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

AI Quick Actions

Compliance Impact

The vulnerability in GeoWebPlayer allows unauthorized access to sensitive APIs and the potential retrieval of a user's screen content without authentication. This exposure of sensitive information could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls over access to personal and sensitive data.

GeoVision maintains a structured cybersecurity policy with timely vulnerability management and updates, which supports compliance efforts. However, the existence of this high-severity vulnerability prior to patching represents a risk to compliance until it is fully remediated.

Executive Summary

CVE-2026-13125 is a vulnerability in GeoVision's GeoWebPlayer Websocket Server (version 1.1.1.0) that lacks authentication, allowing attackers to execute privileged operations via a specially crafted websocket connection.

An attacker can create a malicious webpage to exploit this flaw, potentially accessing sensitive APIs without needing to authenticate.

Specifically, by combining the 'create' method and the 'getScreenCapture' function, an attacker can retrieve the content of the user's screen, exposing sensitive information.

Impact Analysis

This vulnerability can have serious impacts as it allows remote attackers to access sensitive APIs and retrieve the content of a user's screen without authentication.

  • Exposure of sensitive or confidential information displayed on the user's screen.
  • Potential unauthorized access to privileged operations within the GeoWebPlayer websocket server.
  • Increased risk of data leakage or espionage through malicious websites exploiting this flaw.

Detection Guidance

This vulnerability involves the GeoWebPlayer websocket server running without authentication, which can be detected by checking for open websocket connections on the affected ports used by GeoWebPlayer.

You can scan your network for the GeoWebPlayer websocket server (version 1.1.1.0) by identifying open websocket ports typically used by GeoVision software addons.

A possible command to detect the websocket server is to use network scanning tools like nmap to identify open websocket ports, for example:

  • nmap -p <port> --script websocket-open-proxy <target-ip>

Additionally, you can attempt to connect to the websocket server using tools like 'websocat' or 'wscat' to see if the server accepts connections without authentication.
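The same unauthenticated-connection check, as an added example that is not part of this CVE record or GeoVision's software: it sends one RFC 6455 upgrade request carrying a foreign Origin header and no credentials, then classifies the reply. The host, port, path and the origin value are assumptions, since the record names no port; the sample replies in the test are constructed.

```python
import base64
import hashlib
import os
import socket

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # RFC 6455 GUID for Sec-WebSocket-Accept

def expected_accept(key):
    """Compute the Sec-WebSocket-Accept value a compliant server must return for this key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def build_handshake(host, port, path, origin):
    """Build a WebSocket upgrade request with a foreign Origin and no credentials (constructed)."""
    key = base64.b64encode(os.urandom(16)).decode("ascii")
    request = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}:{port}\r\n"
        "Upgrade: websocket\r\nConnection: Upgrade\r\n"
        f"Sec-WebSocket-Key: {key}\r\n"
        "Sec-WebSocket-Version: 13\r\n"
        f"Origin: {origin}\r\n\r\n"
    )
    return request.encode("ascii"), key

def classify_handshake(response, key):
    """Return 'open' (upgraded, no auth or origin check), 'auth_required' (401/403) or 'other'."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    code = parts[1] if len(parts) > 1 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if code == "101" and headers.get("sec-websocket-accept") == expected_accept(key):
        return "open"
    if code in ("401", "403"):
        return "auth_required"
    return "other"

def probe(host, port, path="/", origin="http://untrusted.example"):
    """Send one upgrade and classify the reply; 'open' means any web page can connect (CWE-306)."""
    request, key = build_handshake(host, port, path, origin)  # port is an assumed value
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(request)
        response = sock.recv(4096)
    return classify_handshake(response, key)
```

A result of 'open' shows only that the server accepts a cross-origin upgrade without credentials; a server could still demand a login message after the upgrade, so confirm the finding against the vendor advisory before treating the host as affected.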

Mitigation Strategies

The immediate mitigation step is to apply the vendor-released patch for GeoWebPlayer, which was made available on April 28, 2026.

Until the patch can be applied, restrict network access to the GeoWebPlayer websocket server by limiting exposure to untrusted networks and blocking the relevant ports at firewalls.

Also, educate users to avoid interacting with untrusted websites that could exploit this vulnerability via malicious websocket connections.
