4.3
CVE-2025-9524
- EPSS 0.07%
- Veröffentlicht 11.11.2025 07:25:45
- Zuletzt bearbeitet 12.11.2025 16:19:34
- Quelle product-security@axis.com
- CVE-Watchlists
- Unerledigt
The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAxis Communications AB
≫
Produkt
AXIS OS
Default Statusunaffected
Version <
6.50.5.21
Version
6.50.0
Status
affected
Version <
8.40.89
Version
7.0.0
Status
affected
Version <
9.80.123
Version
9.0.0
Status
affected
Version <
10.12.305
Version
10.0.0
Status
affected
Version <
11.11.177
Version
11.0.0
Status
affected
Version <
12.7.11
Version
12.0.0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.226 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| product-security@axis.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-1287 Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.