HIGH🇵🇱 Wersja polska

CVE-2025-0360

CVSS 7.8v3.1pub. 2025-03-04upd. 2026-01-22

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Axis Os

    OS
    Axis
    11.11.0 – 12.2.41 (bez)
  • Axis Os 2024

    OS
    Axis
    < 11.11.135
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-0324CRITICAL9.4PL ✓ten sam produkt

Privilege escalation w VAPIX Device Configuration Framework (Axis OS)

CVE-2023-21413CRITICAL9.1ten sam produkt

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the install...

CVE-2025-11142HIGH7.1ten sam produkt

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote cod...

CVE-2025-0358HIGH8.8ten sam produkt

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ...

CVE-2025-0359HIGH8.5ten sam produkt

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ...