Axis

Axis Os

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.6

CVE-2025-5452

  • EPSS 0.04%
  • Veröffentlicht 11.11.2025 07:00:46
  • Zuletzt bearbeitet 24.11.2025 17:56:53

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the...

6.7

CVE-2025-6298

  • EPSS 0.03%
  • Veröffentlicht 11.11.2025 06:56:50
  • Zuletzt bearbeitet 21.01.2026 20:06:36

ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applica...

6.8

CVE-2025-5718

  • EPSS 0.06%
  • Veröffentlicht 11.11.2025 06:52:33
  • Zuletzt bearbeitet 24.11.2025 17:56:09

The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces ...

6.7

CVE-2025-5454

  • EPSS 0.02%
  • Veröffentlicht 11.11.2025 06:50:19
  • Zuletzt bearbeitet 24.11.2025 17:57:25

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of...

6.7

CVE-2025-4645

  • EPSS 0.03%
  • Veröffentlicht 11.11.2025 06:45:29
  • Zuletzt bearbeitet 24.11.2025 17:57:03

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if a...

6.7

CVE-2025-30027

  • EPSS 0.04%
  • Veröffentlicht 12.08.2025 05:18:26
  • Zuletzt bearbeitet 13.01.2026 18:54:52

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if a...

6.7

CVE-2025-3892

  • EPSS 0.03%
  • Veröffentlicht 12.08.2025 05:14:43
  • Zuletzt bearbeitet 13.01.2026 18:56:35

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an atta...

8.8

CVE-2025-0358

  • EPSS 0.18%
  • Veröffentlicht 02.06.2025 07:39:50
  • Zuletzt bearbeitet 15.01.2026 15:38:44

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

4.3

CVE-2025-0325

  • EPSS 0.3%
  • Veröffentlicht 02.06.2025 07:36:55
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.

8.8

CVE-2025-0324

  • EPSS 0.35%
  • Veröffentlicht 02.06.2025 07:32:56
  • Zuletzt bearbeitet 15.01.2026 15:42:33

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.