Axis

Axis Os

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.1

CVE-2025-8998

  • EPSS 0.05%
  • Veröffentlicht 11.11.2025 07:28:40
  • Zuletzt bearbeitet 12.11.2025 16:19:34

It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service accoun...

4.3

CVE-2025-9524

  • EPSS 0.07%
  • Veröffentlicht 11.11.2025 07:25:45
  • Zuletzt bearbeitet 12.11.2025 16:19:34

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service acco...

6.7

CVE-2025-8108

  • EPSS 0.02%
  • Veröffentlicht 11.11.2025 07:10:31
  • Zuletzt bearbeitet 24.11.2025 17:56:23

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP...

6.7

CVE-2025-6779

  • EPSS 0.03%
  • Veröffentlicht 11.11.2025 07:05:51
  • Zuletzt bearbeitet 24.11.2025 17:54:55

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACA...

6

CVE-2025-6571

  • EPSS 0.02%
  • Veröffentlicht 11.11.2025 07:03:19
  • Zuletzt bearbeitet 12.11.2025 16:19:34

A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it.

6.6

CVE-2025-5452

  • EPSS 0.06%
  • Veröffentlicht 11.11.2025 07:00:46
  • Zuletzt bearbeitet 24.11.2025 17:56:53

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the...

6.7

CVE-2025-6298

  • EPSS 0.02%
  • Veröffentlicht 11.11.2025 06:56:50
  • Zuletzt bearbeitet 12.11.2025 16:19:34

ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applica...

6.8

CVE-2025-5718

  • EPSS 0.05%
  • Veröffentlicht 11.11.2025 06:52:33
  • Zuletzt bearbeitet 24.11.2025 17:56:09

The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces ...

6.7

CVE-2025-5454

  • EPSS 0.02%
  • Veröffentlicht 11.11.2025 06:50:19
  • Zuletzt bearbeitet 24.11.2025 17:57:25

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of...

6.7

CVE-2025-4645

  • EPSS 0.03%
  • Veröffentlicht 11.11.2025 06:45:29
  • Zuletzt bearbeitet 24.11.2025 17:57:03

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if a...