CRITICAL🇵🇱 Wersja polska

CVE-2025-0324

CVSS 9.4v3.1pub. 2025-06-02upd. 2026-01-15

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
  • Axis Os

    OS
    Axis
    12.0.0 – 12.3.33 (bez)
  • Axis Os 2024

    OS
    Axis
    11.8.0 – 11.11.140 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2023-21413CRITICAL9.1ten sam produkt

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the install...

CVE-2025-11142HIGH7.1ten sam produkt

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote cod...

CVE-2025-0358HIGH8.8ten sam produkt

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ...

CVE-2025-0360HIGH7.8ten sam produkt

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ...

CVE-2025-0359HIGH8.5ten sam produkt

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ...