CVE Alert: CVE-2025-10941 – Topaz – SERVCore Teller
CVE-2025-10941
A vulnerability was found in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. It affects some unknown functionality of the file SERVCoreTeller_2.0.40D.msi in the Installer component. Manipulation can lead to permission issues. The attack must be launched locally. The vendor was contacted early about this disclosure but did not respond in any way.
AI Summary Analysis
Risk verdict
High risk of local privilege escalation via the SERVCore Teller installer; exploitation is not shown as active, but could grant full control on affected hosts once local access is obtained.
Why this matters
The flaw resides in the installer component, enabling permission issues with high impact on confidentiality, integrity and availability. In financial or teller environments, an attacker with local access could elevate to administrator, tamper with installation state, or persist across sessions, potentially compromising data and service availability.
Most likely attack path
The attacker requires local access and uses manipulated installer data to trigger the privilege escalation during handling of SERVCoreTeller_2.0.40D.msi. With local access, attack complexity is low and the privileges required are low, so a standard user could feasibly exploit it and gain high-impact access without user interaction. Lateral movement is limited by scope, but elevated privileges on the host could enable broader access to installed components and related services.
Who is most exposed
Organizations deploying SERVCore Teller on Windows endpoints for teller or kiosk-like use in finance/retail settings are most at risk, especially where installers and updates are run with limited oversight or broad write permissions.
Detection ideas
- Monitor for unexpected changes to SERVCoreTeller_2.0.40D.msi and its directory permissions.
- Look for anomalous MSI execution events (msiexec) initiated by non-admin processes.
- Alert on file permission modifications in installer paths outside standard change windows.
- Flag unusual process trees around installation events (child processes elevating privileges).
- Watch for local accounts attempting to write to restricted installer folders outside scheduled updates.
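The msiexec and process-tree ideas in the list above, written as two triage rules over process-creation events. This is an added example, not code from the advisory or the vendor; the field names follow Sysmon Event ID 1, and the rule names, the `C:\Example` paths, `helper.exe`, `deploy-agent.exe` and all sample events are constructed assumptions.

```python
# Added example: triage rules over process-creation events.
# Field names follow Sysmon Event ID 1; every event below is constructed.
import ntpath

MSI_NAME = "servcoreteller_2.0.40d.msi"   # installer named in the advisory, lower-cased
NON_ADMIN = {"Low", "Medium"}             # integrity levels of an unelevated token
ELEVATED = {"High", "System"}


def name_of(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def triage(events):
    """Return (ProcessId, rule) pairs for events matching the two rules."""
    hits = []
    for ev in events:
        image, parent = name_of(ev["Image"]), name_of(ev["ParentImage"])
        level = ev["IntegrityLevel"]
        if image == "msiexec.exe" and level in NON_ADMIN:
            # Rule 1: msiexec started from an unelevated context.
            rule = "msiexec-by-non-admin"
            if MSI_NAME in ev["CommandLine"].lower():
                rule += ":servcore-installer"   # affected package: raise priority
            hits.append((ev["ProcessId"], rule))
        elif parent == "msiexec.exe" and image != "msiexec.exe" and level in ELEVATED:
            # Rule 2: an elevated, non-msiexec child of msiexec.
            hits.append((ev["ProcessId"], "elevated-child-of-msiexec"))
    return hits


def event(pid, image, cmd, level, parent):
    """Build one constructed event with the fields the rules read."""
    return {"ProcessId": pid, "Image": image, "CommandLine": cmd,
            "IntegrityLevel": level, "ParentImage": parent}


MSIEXEC = r"C:\Windows\System32\msiexec.exe"
# Constructed sample data; C:\Example paths are placeholders, not the product's paths.
SAMPLE_EVENTS = [
    event(4100, MSIEXEC, r'msiexec /i "C:\Example\SERVCoreTeller_2.0.40D.msi"', "Medium", r"C:\Windows\explorer.exe"),
    event(4200, MSIEXEC, r'msiexec /i "C:\Example\SERVCoreTeller_2.0.40D.msi"', "High", r"C:\Example\deploy-agent.exe"),
    event(4300, r"C:\Example\helper.exe", "helper.exe", "System", MSIEXEC),
    event(4400, MSIEXEC, r'msiexec /i "C:\Example\other.msi"', "Medium", r"C:\Windows\explorer.exe"),
    event(4500, r"C:\Windows\System32\notepad.exe", "notepad.exe", "Medium", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for pid, rule in triage(SAMPLE_EVENTS):
        print(pid, rule)
```

Rule 1 also fires on legitimate per-user installs, so treat its hits as triage input and allow-list known deployment tooling.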
Mitigation and prioritisation
- Patch to vendor-supplied fixed release; if unavailable, apply strict access controls on installer directories.
- Enforce least privilege for installation workflows and restrict MSI execution to administrators.
- Implement application whitelisting and digital signing validation for installers.
- Strengthen change-management: verify integrity of installer files before deployment; monitor and alert on permission changes in installer paths.
- If KEV or EPSS data indicate higher risk, escalate; otherwise treat as high-priority due to impact potential and local-exploitation nature.