9.4
CVE-2025-0324
- EPSS 0.08%
- Published 02.06.2025 07:32:56
- Last modified 02.06.2025 17:32:17
- Source product-security@axis.com
- Teams watchlist Login
- Open Login
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorAxis Communications AB
≫
Product
AXIS OS
Default Statusunaffected
Version <
11.11.140
Version
11.8.0
Status
affected
Version <
12.3.33
Version
12.0.0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.248 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| product-security@axis.com | 9.4 | 3.9 | 5.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
|
CWE-791 Incomplete Filtering of Special Elements
The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.