Search criteria
33 vulnerabilities found for camera_station_pro by axis
FKIE_CVE-2025-12063
Vulnerability from fkie_nvd - Published: 2026-02-10 07:16 - Updated: 2026-02-17 15:09
Severity ?
Summary
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | camera_station_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F257DBF0-2884-4BC6-9C49-5BDD1F0824EA",
"versionEndExcluding": "6.14.10768",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions."
},
{
"lang": "es",
"value": "Una referencia directa insegura a objeto permiti\u00f3 a un usuario no administrador modificar o eliminar ciertos objetos de datos sin tener los permisos adecuados."
}
],
"id": "CVE-2025-12063",
"lastModified": "2026-02-17T15:09:06.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "product-security@axis.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T07:16:12.553",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/bc/f0/5a/cve-2025-12063pdf-en-US-519288.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-13064
Vulnerability from fkie_nvd - Published: 2026-02-10 06:15 - Updated: 2026-02-17 15:10
Severity ?
Summary
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | camera_station_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F257DBF0-2884-4BC6-9C49-5BDD1F0824EA",
"versionEndExcluding": "6.14.10768",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with."
},
{
"lang": "es",
"value": "Una inyecci\u00f3n del lado del servidor fue posible para que un administrador malicioso manipulara la aplicaci\u00f3n para incluir un script malicioso que es ejecutado por el servidor. Este ataque solo es posible si el administrador usa un cliente que ha sido manipulado."
}
],
"id": "CVE-2025-13064",
"lastModified": "2026-02-17T15:10:00.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "product-security@axis.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T06:15:54.170",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/a9/9e/94/cve-2025-13064pdf-en-US-519290.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-12757
Vulnerability from fkie_nvd - Published: 2026-02-10 06:15 - Updated: 2026-02-17 15:10
Severity ?
Summary
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | camera_station_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F257DBF0-2884-4BC6-9C49-5BDD1F0824EA",
"versionEndExcluding": "6.14.10768",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to."
},
{
"lang": "es",
"value": "Una caracter\u00edstica de AXIS Camera Station Pro puede ser explotada de una manera que permite a un usuario no administrador ver informaci\u00f3n a la que no tiene permiso."
}
],
"id": "CVE-2025-12757",
"lastModified": "2026-02-17T15:10:09.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "product-security@axis.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T06:15:54.037",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/de/38/d3/cve-2025-12757pdf-en-US-519289.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-11547
Vulnerability from fkie_nvd - Published: 2026-02-10 06:15 - Updated: 2026-02-17 15:10
Severity ?
Summary
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | camera_station_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E4145B-9667-4C7A-9755-5E57371D06F8",
"versionEndExcluding": "6.13.55835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AXIS Camera Station Pro contained a flaw to\u00a0perform a privilege escalation attack on the server as a non-admin user."
},
{
"lang": "es",
"value": "AXIS Camera Station Pro conten\u00eda una falla para realizar un ataque de escalada de privilegios en el servidor como un usuario no administrador."
}
],
"id": "CVE-2025-11547",
"lastModified": "2026-02-17T15:10:57.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "product-security@axis.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T06:15:53.903",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/permalink/253485/cve-2025-11547pdf-en-US_253485.pdf?noS3=1"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-7622
Vulnerability from fkie_nvd - Published: 2025-08-12 05:15 - Updated: 2026-01-13 18:46
Severity ?
Summary
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | camera_station | * | |
| axis | camera_station_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis:camera_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6001D30-ECE9-469E-93A3-CD3933B71029",
"versionEndExcluding": "5.59.49607",
"versionStartIncluding": "5.32.244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9288756C-DECA-46DA-83BD-CD79DF6A4EC7",
"versionEndExcluding": "6.10.49500",
"versionStartIncluding": "6.0.25729",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that\u00a0allowed an authenticated attacker to access internal resources on the server was discovered."
},
{
"lang": "es",
"value": "Durante una evaluaci\u00f3n de seguridad interna, se descubri\u00f3 una vulnerabilidad Server-Side Request Forgery (SSRF) que permit\u00eda a un atacante autenticado acceder a recursos internos del servidor."
}
],
"id": "CVE-2025-7622",
"lastModified": "2026-01-13T18:46:46.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "product-security@axis.com",
"type": "Secondary"
}
]
},
"published": "2025-08-12T05:15:32.227",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/c5/9a/3c/cve-2025-7622pdf-en-US-492761.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-30025
Vulnerability from fkie_nvd - Published: 2025-07-11 06:15 - Updated: 2026-01-23 21:49
Severity ?
Summary
The communication protocol used between the
server process and the service control had a flaw that could lead to a local privilege escalation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | camera_station_pro | * | |
| axis | device_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D02E2CB-4466-44BF-91F6-93C771252E3B",
"versionEndExcluding": "6.8.43213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axis:device_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF55EDF-897D-4BF0-AF22-47DF34C115AA",
"versionEndExcluding": "5.32.137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The communication protocol used between the\nserver process and the service control had a flaw that could lead to a local privilege escalation."
},
{
"lang": "es",
"value": "El protocolo de comunicaci\u00f3n utilizado entre el proceso del servidor y el control del servicio ten\u00eda una falla que podr\u00eda conducir a una escalada de privilegios locales."
}
],
"id": "CVE-2025-30025",
"lastModified": "2026-01-23T21:49:32.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "product-security@axis.com",
"type": "Secondary"
}
]
},
"published": "2025-07-11T06:15:24.703",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/f2/28/d2/cve-2025-30025pdf-en-US-517962.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-30023
Vulnerability from fkie_nvd - Published: 2025-07-11 06:15 - Updated: 2026-01-23 21:14
Severity ?
Summary
The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | camera_station | * | |
| axis | camera_station_pro | * | |
| axis | device_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis:camera_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91D47CCA-77F6-460D-A181-49C11FFFC543",
"versionEndExcluding": "5.58.47195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC01AC79-06DF-4E7B-B8F5-BEE7309C1BB1",
"versionEndExcluding": "6.9.47069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axis:device_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF55EDF-897D-4BF0-AF22-47DF34C115AA",
"versionEndExcluding": "5.32.137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack."
},
{
"lang": "es",
"value": "El protocolo de comunicaci\u00f3n utilizado entre el cliente y el servidor ten\u00eda una falla que pod\u00eda llevar a que un usuario autenticado realizara un ataque de ejecuci\u00f3n de c\u00f3digo remoto."
}
],
"id": "CVE-2025-30023",
"lastModified": "2026-01-23T21:14:03.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "product-security@axis.com",
"type": "Secondary"
}
]
},
"published": "2025-07-11T06:15:24.257",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-30026
Vulnerability from fkie_nvd - Published: 2025-07-11 06:15 - Updated: 2026-01-16 14:56
Severity ?
Summary
The AXIS Camera Station Server had a flaw that allowed
to bypass authentication that is normally required.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | camera_station | * | |
| axis | camera_station_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis:camera_station:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91D47CCA-77F6-460D-A181-49C11FFFC543",
"versionEndExcluding": "5.58.47195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "934CB431-611E-4CFC-9E10-2D796A7626C2",
"versionEndExcluding": "6.9.47069",
"versionStartIncluding": "6.0.25729",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AXIS Camera Station Server had a flaw that allowed\nto bypass authentication that is normally required."
},
{
"lang": "es",
"value": "El servidor AXIS Camera Station ten\u00eda una falla que permit\u00eda eludir la autenticaci\u00f3n que normalmente se requiere."
}
],
"id": "CVE-2025-30026",
"lastModified": "2026-01-16T14:56:23.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "product-security@axis.com",
"type": "Secondary"
}
]
},
"published": "2025-07-11T06:15:24.870",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/a3/42/92/cve-2025-30026pdf-en-US-485735.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-1056
Vulnerability from fkie_nvd - Published: 2025-04-23 06:15 - Updated: 2026-01-14 17:41
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | camera_station_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D02E2CB-4466-44BF-91F6-93C771252E3B",
"versionEndExcluding": "6.8.43213",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."
},
{
"lang": "es",
"value": "Gee-netics, miembro del programa de recompensas por errores de AXIS Camera Station Pro, ha identificado un problema con un archivo espec\u00edfico que utiliza el servidor. Un usuario no administrador puede modificar este archivo para crear archivos o cambiar el contenido de los archivos en una ubicaci\u00f3n protegida por el administrador. Axis ha publicado una versi\u00f3n parcheada para la falla detectada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"id": "CVE-2025-1056",
"lastModified": "2026-01-14T17:41:50.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "product-security@axis.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-23T06:15:46.573",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-0926
Vulnerability from fkie_nvd - Published: 2025-04-23 06:15 - Updated: 2026-01-14 17:45
Severity ?
5.9 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Summary
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | camera_station_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D02E2CB-4466-44BF-91F6-93C771252E3B",
"versionEndExcluding": "6.8.43213",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."
},
{
"lang": "es",
"value": "Gee-netics, miembro del programa de recompensas por errores de AXIS Camera Station Pro, ha descubierto que un usuario no administrador puede eliminar archivos del sistema que causan un bucle de arranque al redirigir la eliminaci\u00f3n de un archivo al grabar v\u00eddeo. Axis ha publicado una versi\u00f3n parcheada para la falla detectada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"id": "CVE-2025-0926",
"lastModified": "2026-01-14T17:45:54.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "product-security@axis.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-23T06:15:45.200",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/9d/fe/3f/cve-2025-0926pdf-en-US-479105.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
}
]
}
CVE-2025-12063 (GCVE-0-2025-12063)
Vulnerability from nvd – Published: 2026-02-10 05:52 – Updated: 2026-02-10 20:16
VLAI?
Summary
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
Severity ?
5.7 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.14
(semver)
|
Credits
Seth Fogie
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:16:51.460464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:16:58.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.14",
"status": "affected",
"version": "6",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis_communications_ab:axis_camera_station_pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Seth Fogie"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions."
}
],
"value": "An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T05:52:35.732Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/bc/f0/5a/cve-2025-12063pdf-en-US-519288.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-12063",
"datePublished": "2026-02-10T05:52:35.732Z",
"dateReserved": "2025-10-22T12:39:08.436Z",
"dateUpdated": "2026-02-10T20:16:58.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12757 (GCVE-0-2025-12757)
Vulnerability from nvd – Published: 2026-02-10 05:47 – Updated: 2026-02-10 20:16
VLAI?
Summary
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
Severity ?
4.6 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.14
(semver)
|
Credits
Seth Fogie
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:16:29.609789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:16:37.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.14",
"status": "affected",
"version": "6",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis_communications_ab:axis_camera_station_pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Seth Fogie"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to."
}
],
"value": "An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T05:47:20.339Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/de/38/d3/cve-2025-12757pdf-en-US-519289.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-12757",
"datePublished": "2026-02-10T05:47:20.339Z",
"dateReserved": "2025-11-05T15:44:36.310Z",
"dateUpdated": "2026-02-10T20:16:37.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13064 (GCVE-0-2025-13064)
Vulnerability from nvd – Published: 2026-02-10 05:40 – Updated: 2026-02-10 20:16
VLAI?
Summary
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.
Severity ?
4.5 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.14
(semver)
|
Credits
Seth Fogie
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:16:08.351455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:16:16.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.14",
"status": "affected",
"version": "6",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis_communications_ab:axis_camera_station_pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Seth Fogie"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with."
}
],
"value": "A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T05:40:34.374Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/a9/9e/94/cve-2025-13064pdf-en-US-519290.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-13064",
"datePublished": "2026-02-10T05:40:34.374Z",
"dateReserved": "2025-11-12T13:05:30.353Z",
"dateUpdated": "2026-02-10T20:16:16.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11547 (GCVE-0-2025-11547)
Vulnerability from nvd – Published: 2026-02-10 05:35 – Updated: 2026-02-11 04:56
VLAI?
Summary
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
Severity ?
7.8 (High)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6.11 , ≤ 6.12
(semver)
|
Credits
Molybdenum
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T04:56:16.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThanOrEqual": "6.12",
"status": "affected",
"version": "6.11",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis_communications_ab:axis_camera_station_pro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.12",
"versionStartIncluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Molybdenum"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AXIS Camera Station Pro contained a flaw to\u0026nbsp;perform a privilege escalation attack on the server as a non-admin user."
}
],
"value": "AXIS Camera Station Pro contained a flaw to\u00a0perform a privilege escalation attack on the server as a non-admin user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T05:35:50.903Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/permalink/253485/cve-2025-11547pdf-en-US_253485.pdf?noS3=1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-11547",
"datePublished": "2026-02-10T05:35:50.903Z",
"dateReserved": "2025-10-09T09:07:50.890Z",
"dateUpdated": "2026-02-11T04:56:16.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7622 (GCVE-0-2025-7622)
Vulnerability from nvd – Published: 2025-08-12 05:09 – Updated: 2025-08-12 17:59
VLAI?
Summary
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.10
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T17:59:18.517289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T17:59:32.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.10",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "5.59",
"status": "affected",
"version": "5.32",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that\u0026nbsp;allowed an authenticated attacker to access internal resources on the server was discovered."
}
],
"value": "During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that\u00a0allowed an authenticated attacker to access internal resources on the server was discovered."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T05:09:23.834Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/c5/9a/3c/cve-2025-7622pdf-en-US-492761.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-7622",
"datePublished": "2025-08-12T05:09:23.834Z",
"dateReserved": "2025-07-14T05:12:26.078Z",
"dateUpdated": "2025-08-12T17:59:32.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30026 (GCVE-0-2025-30026)
Vulnerability from nvd – Published: 2025-07-11 06:05 – Updated: 2025-07-11 16:19
VLAI?
Summary
The AXIS Camera Station Server had a flaw that allowed
to bypass authentication that is normally required.
Severity ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
<6.9
|
|||||||
|
|||||||||
Credits
Noam Moshe of Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T16:19:06.665808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T16:19:20.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c6.9"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c5.58"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The AXIS Camera Station Server had a flaw that allowed\nto bypass authentication that is normally required.\n\n\u003cbr\u003e"
}
],
"value": "The AXIS Camera Station Server had a flaw that allowed\nto bypass authentication that is normally required."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T06:05:33.887Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/a3/42/92/cve-2025-30026pdf-en-US-485735.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-30026",
"datePublished": "2025-07-11T06:05:33.887Z",
"dateReserved": "2025-03-14T05:27:55.732Z",
"dateUpdated": "2025-07-11T16:19:20.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30025 (GCVE-0-2025-30025)
Vulnerability from nvd – Published: 2025-07-11 06:04 – Updated: 2026-01-07 09:59
VLAI?
Summary
The communication protocol used between the
server process and the service control had a flaw that could lead to a local privilege escalation.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Axis Communications AB | AXIS Device Manager |
Affected:
<5.32
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:22:32.432800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:22:38.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Device Manager",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c5.32"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c6.8"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The communication protocol used between the\nserver process and the service control had a flaw that could lead to a local privilege escalation.\n\n\u003cbr\u003e"
}
],
"value": "The communication protocol used between the\nserver process and the service control had a flaw that could lead to a local privilege escalation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T09:59:44.547Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/f2/28/d2/cve-2025-30025pdf-en-US-517962.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-30025",
"datePublished": "2025-07-11T06:04:40.972Z",
"dateReserved": "2025-03-14T05:27:55.732Z",
"dateUpdated": "2026-01-07T09:59:44.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30023 (GCVE-0-2025-30023)
Vulnerability from nvd – Published: 2025-07-11 06:02 – Updated: 2025-07-11 16:36
VLAI?
Summary
The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
Severity ?
9 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
<6.9
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T16:30:26.166108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T16:36:45.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c6.9"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c5.58"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Device Manager",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c5.32"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.\u003cbr\u003e"
}
],
"value": "The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T06:02:00.620Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-30023",
"datePublished": "2025-07-11T06:02:00.620Z",
"dateReserved": "2025-03-14T05:27:55.732Z",
"dateUpdated": "2025-07-11T16:36:45.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0926 (GCVE-0-2025-0926)
Vulnerability from nvd – Published: 2025-04-23 05:22 – Updated: 2025-04-23 13:08
VLAI?
Summary
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
Severity ?
5.9 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:08:40.609777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T13:08:49.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.\n\n\u003cbr\u003e"
}
],
"value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T05:22:03.489Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/9d/fe/3f/cve-2025-0926pdf-en-US-479105.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-0926",
"datePublished": "2025-04-23T05:22:03.489Z",
"dateReserved": "2025-01-31T06:15:14.691Z",
"dateUpdated": "2025-04-23T13:08:49.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1056 (GCVE-0-2025-1056)
Vulnerability from nvd – Published: 2025-04-23 05:18 – Updated: 2025-04-23 13:09
VLAI?
Summary
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
Severity ?
6.1 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:09:24.348886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T13:09:33.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T05:18:47.170Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-1056",
"datePublished": "2025-04-23T05:18:10.120Z",
"dateReserved": "2025-02-05T07:29:10.344Z",
"dateUpdated": "2025-04-23T13:09:33.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12063 (GCVE-0-2025-12063)
Vulnerability from cvelistv5 – Published: 2026-02-10 05:52 – Updated: 2026-02-10 20:16
VLAI?
Summary
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
Severity ?
5.7 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.14
(semver)
|
Credits
Seth Fogie
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:16:51.460464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:16:58.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.14",
"status": "affected",
"version": "6",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis_communications_ab:axis_camera_station_pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Seth Fogie"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions."
}
],
"value": "An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T05:52:35.732Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/bc/f0/5a/cve-2025-12063pdf-en-US-519288.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-12063",
"datePublished": "2026-02-10T05:52:35.732Z",
"dateReserved": "2025-10-22T12:39:08.436Z",
"dateUpdated": "2026-02-10T20:16:58.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12757 (GCVE-0-2025-12757)
Vulnerability from cvelistv5 – Published: 2026-02-10 05:47 – Updated: 2026-02-10 20:16
VLAI?
Summary
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
Severity ?
4.6 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.14
(semver)
|
Credits
Seth Fogie
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:16:29.609789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:16:37.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.14",
"status": "affected",
"version": "6",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis_communications_ab:axis_camera_station_pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Seth Fogie"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to."
}
],
"value": "An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T05:47:20.339Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/de/38/d3/cve-2025-12757pdf-en-US-519289.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-12757",
"datePublished": "2026-02-10T05:47:20.339Z",
"dateReserved": "2025-11-05T15:44:36.310Z",
"dateUpdated": "2026-02-10T20:16:37.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13064 (GCVE-0-2025-13064)
Vulnerability from cvelistv5 – Published: 2026-02-10 05:40 – Updated: 2026-02-10 20:16
VLAI?
Summary
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.
Severity ?
4.5 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.14
(semver)
|
Credits
Seth Fogie
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:16:08.351455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:16:16.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.14",
"status": "affected",
"version": "6",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis_communications_ab:axis_camera_station_pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Seth Fogie"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with."
}
],
"value": "A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T05:40:34.374Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/a9/9e/94/cve-2025-13064pdf-en-US-519290.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-13064",
"datePublished": "2026-02-10T05:40:34.374Z",
"dateReserved": "2025-11-12T13:05:30.353Z",
"dateUpdated": "2026-02-10T20:16:16.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11547 (GCVE-0-2025-11547)
Vulnerability from cvelistv5 – Published: 2026-02-10 05:35 – Updated: 2026-02-11 04:56
VLAI?
Summary
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
Severity ?
7.8 (High)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6.11 , ≤ 6.12
(semver)
|
Credits
Molybdenum
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T04:56:16.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThanOrEqual": "6.12",
"status": "affected",
"version": "6.11",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axis_communications_ab:axis_camera_station_pro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.12",
"versionStartIncluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Molybdenum"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AXIS Camera Station Pro contained a flaw to\u0026nbsp;perform a privilege escalation attack on the server as a non-admin user."
}
],
"value": "AXIS Camera Station Pro contained a flaw to\u00a0perform a privilege escalation attack on the server as a non-admin user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T05:35:50.903Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/permalink/253485/cve-2025-11547pdf-en-US_253485.pdf?noS3=1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-11547",
"datePublished": "2026-02-10T05:35:50.903Z",
"dateReserved": "2025-10-09T09:07:50.890Z",
"dateUpdated": "2026-02-11T04:56:16.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7622 (GCVE-0-2025-7622)
Vulnerability from cvelistv5 – Published: 2025-08-12 05:09 – Updated: 2025-08-12 17:59
VLAI?
Summary
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.10
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T17:59:18.517289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T17:59:32.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.10",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "5.59",
"status": "affected",
"version": "5.32",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that\u0026nbsp;allowed an authenticated attacker to access internal resources on the server was discovered."
}
],
"value": "During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that\u00a0allowed an authenticated attacker to access internal resources on the server was discovered."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T05:09:23.834Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/c5/9a/3c/cve-2025-7622pdf-en-US-492761.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-7622",
"datePublished": "2025-08-12T05:09:23.834Z",
"dateReserved": "2025-07-14T05:12:26.078Z",
"dateUpdated": "2025-08-12T17:59:32.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30026 (GCVE-0-2025-30026)
Vulnerability from cvelistv5 – Published: 2025-07-11 06:05 – Updated: 2025-07-11 16:19
VLAI?
Summary
The AXIS Camera Station Server had a flaw that allowed
to bypass authentication that is normally required.
Severity ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
<6.9
|
|||||||
|
|||||||||
Credits
Noam Moshe of Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T16:19:06.665808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T16:19:20.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c6.9"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c5.58"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The AXIS Camera Station Server had a flaw that allowed\nto bypass authentication that is normally required.\n\n\u003cbr\u003e"
}
],
"value": "The AXIS Camera Station Server had a flaw that allowed\nto bypass authentication that is normally required."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T06:05:33.887Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/a3/42/92/cve-2025-30026pdf-en-US-485735.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-30026",
"datePublished": "2025-07-11T06:05:33.887Z",
"dateReserved": "2025-03-14T05:27:55.732Z",
"dateUpdated": "2025-07-11T16:19:20.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30025 (GCVE-0-2025-30025)
Vulnerability from cvelistv5 – Published: 2025-07-11 06:04 – Updated: 2026-01-07 09:59
VLAI?
Summary
The communication protocol used between the
server process and the service control had a flaw that could lead to a local privilege escalation.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Axis Communications AB | AXIS Device Manager |
Affected:
<5.32
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:22:32.432800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:22:38.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Device Manager",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c5.32"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c6.8"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The communication protocol used between the\nserver process and the service control had a flaw that could lead to a local privilege escalation.\n\n\u003cbr\u003e"
}
],
"value": "The communication protocol used between the\nserver process and the service control had a flaw that could lead to a local privilege escalation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T09:59:44.547Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/f2/28/d2/cve-2025-30025pdf-en-US-517962.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-30025",
"datePublished": "2025-07-11T06:04:40.972Z",
"dateReserved": "2025-03-14T05:27:55.732Z",
"dateUpdated": "2026-01-07T09:59:44.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30023 (GCVE-0-2025-30023)
Vulnerability from cvelistv5 – Published: 2025-07-11 06:02 – Updated: 2025-07-11 16:36
VLAI?
Summary
The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
Severity ?
9 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
<6.9
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T16:30:26.166108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T16:36:45.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c6.9"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c5.58"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Device Manager",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "\u003c5.32"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.\u003cbr\u003e"
}
],
"value": "The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T06:02:00.620Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-30023",
"datePublished": "2025-07-11T06:02:00.620Z",
"dateReserved": "2025-03-14T05:27:55.732Z",
"dateUpdated": "2025-07-11T16:36:45.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0926 (GCVE-0-2025-0926)
Vulnerability from cvelistv5 – Published: 2025-04-23 05:22 – Updated: 2025-04-23 13:08
VLAI?
Summary
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
Severity ?
5.9 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:08:40.609777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T13:08:49.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.\n\n\u003cbr\u003e"
}
],
"value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T05:22:03.489Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/9d/fe/3f/cve-2025-0926pdf-en-US-479105.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-0926",
"datePublished": "2025-04-23T05:22:03.489Z",
"dateReserved": "2025-01-31T06:15:14.691Z",
"dateUpdated": "2025-04-23T13:08:49.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1056 (GCVE-0-2025-1056)
Vulnerability from cvelistv5 – Published: 2025-04-23 05:18 – Updated: 2025-04-23 13:09
VLAI?
Summary
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
Severity ?
6.1 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axis Communications AB | AXIS Camera Station Pro |
Affected:
6 , < 6.8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:09:24.348886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T13:09:33.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS Camera Station Pro",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T05:18:47.170Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2025-1056",
"datePublished": "2025-04-23T05:18:10.120Z",
"dateReserved": "2025-02-05T07:29:10.344Z",
"dateUpdated": "2025-04-23T13:09:33.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}