CVE-2026-12694 in Enterprise Video Platforminfo

Summary

by MITRE • 07/17/2026

Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/17/2026

The missing authorization vulnerability in Vimesoft Inc.'s Enterprise Video Platform represents a critical security weakness that undermines access control mechanisms designed to protect sensitive video content and administrative functions. This flaw allows authenticated users to access functionality that should be restricted by proper access control lists, creating an unauthorized privilege escalation scenario that can lead to complete system compromise. The vulnerability exists within the platform's authorization framework where certain API endpoints and administrative interfaces fail to properly validate user permissions before granting access to restricted resources.

This technical flaw manifests as a failure in the platform's access control implementation where the Enterprise Video Platform does not adequately enforce role-based access controls or attribute-based access control mechanisms. The vulnerability specifically affects versions from 3.11.0.0 through 3.24.0, indicating a prolonged period during which the authorization checks were improperly configured or entirely absent. The missing authorization check creates a path for malicious actors to bypass normal security boundaries and execute operations that should only be available to administrators or users with specific privileges.

The operational impact of this vulnerability extends beyond simple unauthorized access to encompass potential data breaches, content manipulation, and system compromise. An attacker exploiting this weakness could gain access to private video streams, modify user permissions, access administrative controls, and potentially escalate their privileges to full system administrator status. This represents a significant concern for enterprise deployments where sensitive business video content, proprietary information, and confidential communications are stored within the platform. The vulnerability directly violates the principle of least privilege and can result in unauthorized modification of critical system configurations.

Security professionals should note that this vulnerability aligns with CWE-285, which specifically addresses improper authorization issues in software systems, and maps to ATT&CK technique T1078 for valid accounts and T1484 for domain policy manipulation. Organizations using affected versions should immediately implement mitigations including upgrading to version 3.25.0 or later, implementing additional network segmentation controls, and conducting thorough access control reviews. The vulnerability demonstrates the critical importance of proper authorization testing during software development lifecycle phases and highlights the necessity of comprehensive security audits to identify and remediate access control weaknesses before they can be exploited by malicious actors in production environments.

Responsible

TR-CERT

Reservation

06/19/2026

Disclosure

07/17/2026

Moderation

accepted

CPE

ready

EPSS

0.00243

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!