CVE-2025-10714
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-11

Last updated on: 2025-11-12

Assigner: Axis Communications AB

Description
AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data intoΒ the installation path of AXIS Optimizer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-11
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10714
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
axis optimizer 5.5.18.0
axis optimizer 5.6.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted search path issue in AXIS Optimizer versions 5.5.18.0 and lower. It allows an attacker with local administrator access to write data into the AXIS Optimizer installation directory on a Microsoft Windows system. Exploiting this flaw can lead to privilege escalation, meaning the attacker could gain higher-level system privileges. The vulnerability is classified as CWE-428 and has a high severity rating of 8.4 under CVSSv3.1. A patch fixing this issue is available in AXIS Optimizer version 5.6.0.0 and later. [1]

Impact Analysis

If exploited, this vulnerability can allow an attacker with local administrator rights to escalate their privileges further on a Microsoft Windows system running AXIS Optimizer. This could lead to unauthorized control over system functions or data, potentially compromising system integrity and security. However, exploitation requires specific conditions including local access and write permissions to the installation path. [1]

Detection Guidance

This vulnerability involves an unquoted search path in the AXIS Optimizer installation directory on Windows systems. Detection involves checking if the AXIS Optimizer version is 5.5.18.0 or lower and verifying if the installation path contains unquoted spaces that could be exploited. Specific commands are not provided in the resources, but generally, you can check the installation path and version by using Windows commands such as 'wmic product where "name like '%AXIS Optimizer%'" get name, version' to find the installed version, and inspect the installation directory path for unquoted spaces manually or via scripts. [1]

Mitigation Strategies

The immediate mitigation step is to update AXIS Optimizer to version 5.6.0.0 or later, where the unquoted search path vulnerability has been patched. Additionally, ensure that only trusted users have administrator rights and restrict write access to the AXIS Optimizer installation directory to prevent exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10714. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart