CVE-2025-4645
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-24
Assigner: Axis Communications AB
Description
Description
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axis | axis_os | From 12.0.0 (inc) to 12.6.7 (exc) |
| axis | a1210_\(-b\) | * |
| axis | a1214 | * |
| axis | a1601 | * |
| axis | a1610_\(-b\) | * |
| axis | a1710-b | * |
| axis | a1810-b | * |
| axis | a8207-ve_mk_ii | * |
| axis | c1110-e | * |
| axis | c1111-e | * |
| axis | c1210-e | * |
| axis | c1211-e | * |
| axis | c1310-e_mk_ii | * |
| axis | c1410_mk_ii | * |
| axis | c1510 | * |
| axis | c1511 | * |
| axis | c1610-ve | * |
| axis | c1710 | * |
| axis | c1720 | * |
| axis | c6110 | * |
| axis | c8110 | * |
| axis | c8210 | * |
| axis | d1110 | * |
| axis | d201-s_xpt_q6075 | * |
| axis | d2110-ve | * |
| axis | d2210-ve | * |
| axis | d3110_mk_ii | * |
| axis | d4100-ve_mk_ii | * |
| axis | d4200-ve | * |
| axis | d6310 | * |
| axis | excam_xf_q1785 | * |
| axis | excam_xpt_q6075 | * |
| axis | f9104-b_main_unit | * |
| axis | f9104-b_mk_ii_main_unit | * |
| axis | f9111-r_mk_ii_main_unit | * |
| axis | f9111_main_unit | * |
| axis | f9111_mk_ii_main_unit | * |
| axis | f9114-b-r_mk_ii_main_unit | * |
| axis | f9114-b_main_unit | * |
| axis | f9114-bt | * |
| axis | f9114_main_unit | * |
| axis | fa51 | * |
| axis | fa51-b | * |
| axis | fa54 | * |
| axis | i7010-safety | * |
| axis | i7010-ve | * |
| axis | i7020 | * |
| axis | i8016-lve | * |
| axis | i8116-e | * |
| axis | i8307-ve | * |
| axis | m1055-l | * |
| axis | m1075-l | * |
| axis | m1135 | * |
| axis | m1135-e_mk_ii | * |
| axis | m1137 | * |
| axis | m1137-e_mk_ii | * |
| axis | m2035-le | * |
| axis | m2036-le | * |
| axis | m3057-plr_mk_ii | * |
| axis | m3085-v | * |
| axis | m3086-v | * |
| axis | m3086-v_mic | * |
| axis | m3088-v | * |
| axis | m3125-lve | * |
| axis | m3126-lve | * |
| axis | m3128-lve | * |
| axis | m3215-lve | * |
| axis | m3216-lve | * |
| axis | m3905-r | * |
| axis | m4215-lv | * |
| axis | m4215-v | * |
| axis | m4216-lv | * |
| axis | m4216-v | * |
| axis | m4218-lv | * |
| axis | m4218-v | * |
| axis | m4225-lve | * |
| axis | m4227-lve | * |
| axis | m4228-lve | * |
| axis | m4308-ple | * |
| axis | m4317-plr | * |
| axis | m4317-plve | * |
| axis | m4318-plr | * |
| axis | m4318-plve | * |
| axis | m4327-p | * |
| axis | m4328-p | * |
| axis | m5000 | * |
| axis | m5000-g | * |
| axis | m5074 | * |
| axis | m5075 | * |
| axis | m5075-g | * |
| axis | m5526-e | * |
| axis | m7104 | * |
| axis | m7116 | * |
| axis | p1245_mk_ii | * |
| axis | p1265_mk_ii | * |
| axis | p1275_mk_ii | * |
| axis | p1385 | * |
| axis | p1385-b | * |
| axis | p1385-be | * |
| axis | p1385-e | * |
| axis | p1387 | * |
| axis | p1387-b | * |
| axis | p1387-be | * |
| axis | p1387-le | * |
| axis | p1388 | * |
| axis | p1388-b | * |
| axis | p1388-be | * |
| axis | p1388-le | * |
| axis | p1465-le | * |
| axis | p1465-le-3 | * |
| axis | p1467-le | * |
| axis | p1468-le | * |
| axis | p1468-xle | * |
| axis | p1475-le | * |
| axis | p1518-e | * |
| axis | p1518-le | * |
| axis | p3265-lv | * |
| axis | p3265-lve | * |
| axis | p3265-lve-3 | * |
| axis | p3265-v | * |
| axis | p3267-lv | * |
| axis | p3267-lve | * |
| axis | p3267-lve_mic | * |
| axis | p3268-lv | * |
| axis | p3268-lve | * |
| axis | p3268-slve | * |
| axis | p3275-lv | * |
| axis | p3275-lve | * |
| axis | p3277-lv | * |
| axis | p3277-lve | * |
| axis | p3278-lv | * |
| axis | p3278-lve | * |
| axis | p3285-lv | * |
| axis | p3285-lve | * |
| axis | p3287-lv | * |
| axis | p3287-lve | * |
| axis | p3288-lv | * |
| axis | p3288-lve | * |
| axis | p3735-ple | * |
| axis | p3737-ple | * |
| axis | p3738-ple | * |
| axis | p3747-plve | * |
| axis | p3748-plve | * |
| axis | p3818-pve | * |
| axis | p3827-pve | * |
| axis | p3905-r_mk_iii | * |
| axis | p3925-lre | * |
| axis | p3925-r | * |
| axis | p3935-lr | * |
| axis | p4705-plve | * |
| axis | p4707-plve | * |
| axis | p4708-plve | * |
| axis | p5654-e | * |
| axis | p5654-e_mk_ii | * |
| axis | p5655-e | * |
| axis | p5676-le | * |
| axis | p7304 | * |
| axis | p7316 | * |
| axis | p9117-pv | * |
| axis | q1615-le_mk_iii | * |
| axis | q1615_mk_iii | * |
| axis | q1656 | * |
| axis | q1656-b | * |
| axis | q1656-be | * |
| axis | q1656-ble | * |
| axis | q1656-dle | * |
| axis | q1656-le | * |
| axis | q1686-dle | * |
| axis | q1715 | * |
| axis | q1728 | * |
| axis | q1728-le | * |
| axis | q1798-le | * |
| axis | q1800-le | * |
| axis | q1800-le-3 | * |
| axis | q1805-le | * |
| axis | q1806-le | * |
| axis | q1808-le | * |
| axis | q1809-le | * |
| axis | q1961-te | * |
| axis | q1961-xte | * |
| axis | q1971-e | * |
| axis | q1972-e | * |
| axis | q2101-te | * |
| axis | q2111-e | * |
| axis | q2112-e | * |
| axis | q3536-lve | * |
| axis | q3538-lve | * |
| axis | q3538-slve | * |
| axis | q3546-lve | * |
| axis | q3548-lve | * |
| axis | q3556-lve | * |
| axis | q3558-lve | * |
| axis | q3626-ve | * |
| axis | q3628-ve | * |
| axis | q3819-pve | * |
| axis | q3839-pve | * |
| axis | q3839-spve | * |
| axis | q4809-pve | * |
| axis | q6020-e | * |
| axis | q6074 | * |
| axis | q6074-e | * |
| axis | q6075 | * |
| axis | q6075-e | * |
| axis | q6075-s | * |
| axis | q6075-se | * |
| axis | q6078-e | * |
| axis | q6135-le | * |
| axis | q6225-le | * |
| axis | q6300-e | * |
| axis | q6315-le | * |
| axis | q6318-le | * |
| axis | q6355-le | * |
| axis | q6358-le | * |
| axis | q8615-e | * |
| axis | q8752-e | * |
| axis | q8752-e_mk_ii | * |
| axis | q9307-lv | * |
| axis | s3008 | * |
| axis | s3008_mk_ii | * |
| axis | s3016 | * |
| axis | s4000 | * |
| axis | v5925 | * |
| axis | v5938 | * |
| axis | w100 | * |
| axis | w101 | * |
| axis | w102 | * |
| axis | w110 | * |
| axis | w120 | * |
| axis | w401 | * |
| axis | xc1311 | * |
| axis | xf40-q1785 | * |
| axis | xfq1656 | * |
| axis | xpq1785 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an ACAP configuration file that lacks sufficient input validation, which could allow an attacker to execute arbitrary code. Exploitation requires the Axis device to be configured to allow installation of unsigned ACAP applications and for the attacker to convince the victim to install a malicious ACAP application.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to arbitrary code execution on the affected Axis device, potentially compromising the device's confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Axis device is not configured to allow the installation of unsigned ACAP applications. Avoid installing ACAP applications from untrusted sources to prevent the risk of arbitrary code execution.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70