CVE-2025-6266
Status: Analyzed - Analysis Complete
Source: BaseFortify

Publication date: 2025-06-19

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in Teledyne FLIR AX8 up to version 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Manipulation of the argument File results in an unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.49.16 addresses this issue; upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
Meta Information
Published: 2025-06-19
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-06-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor: flir | Product: flir_ax8_firmware | Version / Range: up to 1.49.16 (excluding)
Vendor: flir | Product: flir_ax8 | Version / Range: * (all versions)
CWE
CWE-434: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6266 is an unrestricted file upload vulnerability in FLIR AX8 devices running firmware up to version 1.46. It exists in the /upload.php script, where the 'file' argument is improperly handled, allowing attackers to upload arbitrary files without authorization or restrictions. This flaw can be exploited remotely and enables attackers to potentially gain unauthorized access or further compromise the device. [1, 2]


How can this vulnerability impact me?

This vulnerability can lead to unauthorized file uploads on the affected FLIR AX8 devices, which may result in attackers gaining unauthorized access, executing malicious code, or compromising the confidentiality, integrity, and availability of the system. Since the exploit is publicly available and easy to execute remotely, it poses a significant security risk to affected devices. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for the presence of the /upload.php endpoint on FLIR AX8 devices running firmware version 1.46 or earlier. You can use network scanning or web reconnaissance tools to identify devices exposing this endpoint. For example, using curl or wget to test the /upload.php URL for unauthorized file upload capability. Additionally, Google dorking with queries like 'inurl:upload.php' can help identify vulnerable devices. Specific commands might include: curl -X POST -F "file=@testfile" http://<target-ip>/upload.php to test if file uploads are unrestricted. [2]


What immediate steps should I take to mitigate this vulnerability?

No known mitigations or countermeasures have been published for this vulnerability. The suggested immediate step is to replace the affected FLIR AX8 device with an alternative product. Additionally, restricting network access to the device, disabling the /upload.php endpoint if possible, or isolating the device from untrusted networks may help reduce exposure until a fix or replacement is implemented. [2]

