CVE-2025-1056

EPSS 0.02%
Veröffentlicht 23.04.2025 05:18:10
Zuletzt bearbeitet 23.04.2025 14:08:13
Quelle product-security@axis.com
Teams Watchlist Login
Unerledigt Login

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.
Axis has released a patched version for the highlighted flaw. Please 
refer to the Axis security advisory for more information and solution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerAxis Communications AB

≫

Produkt AXIS Camera Station Pro

Default Statusunaffected

Version < 6.8

Version 6

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
product-security@axis.com	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf

https://nvd.nist.gov/vuln/detail/CVE-2025-1056

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1056

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1056

EUVD