CVE-2025-5695
BaseFortify
Publication date: 2025-06-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flir | flir_ax8_firmware | From 1.46.0 (inc) to 1.46.16 (inc) |
| flir | flir_ax8 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5695 is a critical remote command injection vulnerability in FLIR AX8 devices running firmware up to version 1.46.16. It affects the backend component, specifically the functions subscribe_to_spot, subscribe_to_delta, and subscribe_to_alarm in the file /usr/www/application/models/subscriptions.php. The vulnerability arises because user input is improperly handled and used to construct system commands without proper sanitization, allowing an attacker to execute arbitrary commands remotely on the device. [1, 2, 3, 4]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to remotely execute arbitrary commands on your FLIR AX8 device, potentially compromising the confidentiality, integrity, and availability of the system. This could lead to unauthorized control over the device, data breaches, disruption of services, or further attacks within your network. [4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable file `/usr/www/application/models/subscriptions.php` on FLIR AX8 devices running firmware up to version 1.46.16. Additionally, Google dorking can be used with queries such as `inurl:usr/www/application/models/subscriptions.php` to identify vulnerable targets. Since the vulnerability involves command injection in specific functions, monitoring for unusual command execution or suspicious activity related to these functions may help detect exploitation attempts. However, no specific detection commands are provided in the resources. [4]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the FLIR AX8 device firmware to version 1.55.16, which patches the vulnerability. This update is available from FLIR's official support site (flir.custhelp.com). Until the upgrade can be applied, restricting remote access to the affected device and monitoring for suspicious activity may help reduce risk. [4]