CVE-2025-5454
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-24
Assigner: Axis Communications AB
Description
Description
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install aΒ malicious ACAP application.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axis | axis_os | From 12.0.0 (inc) to 12.6.18 (exc) |
| axis | a1210_\(-b\) | * |
| axis | a1214 | * |
| axis | a1601 | * |
| axis | a1610_\(-b\) | * |
| axis | a1710-b | * |
| axis | a1810-b | * |
| axis | a8207-ve_mk_ii | * |
| axis | c1110-e | * |
| axis | c1111-e | * |
| axis | c1210-e | * |
| axis | c1211-e | * |
| axis | c1310-e_mk_ii | * |
| axis | c1410_mk_ii | * |
| axis | c1510 | * |
| axis | c1511 | * |
| axis | c1610-ve | * |
| axis | c1710 | * |
| axis | c1720 | * |
| axis | c6110 | * |
| axis | c8110 | * |
| axis | c8210 | * |
| axis | d1110 | * |
| axis | d201-s_xpt_q6075 | * |
| axis | d2110-ve | * |
| axis | d2210-ve | * |
| axis | d3110_mk_ii | * |
| axis | d4100-ve_mk_ii | * |
| axis | d4200-ve | * |
| axis | d6310 | * |
| axis | excam_xf_q1785 | * |
| axis | excam_xpt_q6075 | * |
| axis | f9104-b_main_unit | * |
| axis | f9104-b_mk_ii_main_unit | * |
| axis | f9111-r_mk_ii_main_unit | * |
| axis | f9111_main_unit | * |
| axis | f9111_mk_ii_main_unit | * |
| axis | f9114-b-r_mk_ii_main_unit | * |
| axis | f9114-b_main_unit | * |
| axis | f9114-bt | * |
| axis | f9114_main_unit | * |
| axis | fa51 | * |
| axis | fa51-b | * |
| axis | fa54 | * |
| axis | i7010-safety | * |
| axis | i7010-ve | * |
| axis | i7020 | * |
| axis | i8016-lve | * |
| axis | i8116-e | * |
| axis | i8307-ve | * |
| axis | m1055-l | * |
| axis | m1075-l | * |
| axis | m1135 | * |
| axis | m1135-e_mk_ii | * |
| axis | m1137 | * |
| axis | m1137-e_mk_ii | * |
| axis | m2035-le | * |
| axis | m2036-le | * |
| axis | m3057-plr_mk_ii | * |
| axis | m3085-v | * |
| axis | m3086-v | * |
| axis | m3086-v_mic | * |
| axis | m3088-v | * |
| axis | m3125-lve | * |
| axis | m3126-lve | * |
| axis | m3128-lve | * |
| axis | m3215-lve | * |
| axis | m3216-lve | * |
| axis | m3905-r | * |
| axis | m4215-lv | * |
| axis | m4215-v | * |
| axis | m4216-lv | * |
| axis | m4216-v | * |
| axis | m4218-lv | * |
| axis | m4218-v | * |
| axis | m4225-lve | * |
| axis | m4227-lve | * |
| axis | m4228-lve | * |
| axis | m4308-ple | * |
| axis | m4317-plr | * |
| axis | m4317-plve | * |
| axis | m4318-plr | * |
| axis | m4318-plve | * |
| axis | m4327-p | * |
| axis | m4328-p | * |
| axis | m5000 | * |
| axis | m5000-g | * |
| axis | m5074 | * |
| axis | m5075 | * |
| axis | m5075-g | * |
| axis | m5526-e | * |
| axis | m7104 | * |
| axis | m7116 | * |
| axis | p1245_mk_ii | * |
| axis | p1265_mk_ii | * |
| axis | p1275_mk_ii | * |
| axis | p1385 | * |
| axis | p1385-b | * |
| axis | p1385-be | * |
| axis | p1385-e | * |
| axis | p1387 | * |
| axis | p1387-b | * |
| axis | p1387-be | * |
| axis | p1387-le | * |
| axis | p1388 | * |
| axis | p1388-b | * |
| axis | p1388-be | * |
| axis | p1388-le | * |
| axis | p1465-le | * |
| axis | p1465-le-3 | * |
| axis | p1467-le | * |
| axis | p1468-le | * |
| axis | p1468-xle | * |
| axis | p1475-le | * |
| axis | p1518-e | * |
| axis | p1518-le | * |
| axis | p3265-lv | * |
| axis | p3265-lve | * |
| axis | p3265-lve-3 | * |
| axis | p3265-v | * |
| axis | p3267-lv | * |
| axis | p3267-lve | * |
| axis | p3267-lve_mic | * |
| axis | p3268-lv | * |
| axis | p3268-lve | * |
| axis | p3268-slve | * |
| axis | p3275-lv | * |
| axis | p3275-lve | * |
| axis | p3277-lv | * |
| axis | p3277-lve | * |
| axis | p3278-lv | * |
| axis | p3278-lve | * |
| axis | p3285-lv | * |
| axis | p3285-lve | * |
| axis | p3287-lv | * |
| axis | p3287-lve | * |
| axis | p3288-lv | * |
| axis | p3288-lve | * |
| axis | p3735-ple | * |
| axis | p3737-ple | * |
| axis | p3738-ple | * |
| axis | p3747-plve | * |
| axis | p3748-plve | * |
| axis | p3818-pve | * |
| axis | p3827-pve | * |
| axis | p3905-r_mk_iii | * |
| axis | p3925-lre | * |
| axis | p3925-r | * |
| axis | p3935-lr | * |
| axis | p4705-plve | * |
| axis | p4707-plve | * |
| axis | p4708-plve | * |
| axis | p5654-e | * |
| axis | p5654-e_mk_ii | * |
| axis | p5655-e | * |
| axis | p5676-le | * |
| axis | p7304 | * |
| axis | p7316 | * |
| axis | p9117-pv | * |
| axis | q1615-le_mk_iii | * |
| axis | q1615_mk_iii | * |
| axis | q1656 | * |
| axis | q1656-b | * |
| axis | q1656-be | * |
| axis | q1656-ble | * |
| axis | q1656-dle | * |
| axis | q1656-le | * |
| axis | q1686-dle | * |
| axis | q1715 | * |
| axis | q1728 | * |
| axis | q1728-le | * |
| axis | q1798-le | * |
| axis | q1800-le | * |
| axis | q1800-le-3 | * |
| axis | q1805-le | * |
| axis | q1806-le | * |
| axis | q1808-le | * |
| axis | q1809-le | * |
| axis | q1961-te | * |
| axis | q1961-xte | * |
| axis | q1971-e | * |
| axis | q1972-e | * |
| axis | q2101-te | * |
| axis | q2111-e | * |
| axis | q2112-e | * |
| axis | q3536-lve | * |
| axis | q3538-lve | * |
| axis | q3538-slve | * |
| axis | q3546-lve | * |
| axis | q3548-lve | * |
| axis | q3556-lve | * |
| axis | q3558-lve | * |
| axis | q3626-ve | * |
| axis | q3628-ve | * |
| axis | q3819-pve | * |
| axis | q3839-pve | * |
| axis | q3839-spve | * |
| axis | q4809-pve | * |
| axis | q6020-e | * |
| axis | q6074 | * |
| axis | q6074-e | * |
| axis | q6075 | * |
| axis | q6075-e | * |
| axis | q6075-s | * |
| axis | q6075-se | * |
| axis | q6078-e | * |
| axis | q6135-le | * |
| axis | q6225-le | * |
| axis | q6300-e | * |
| axis | q6315-le | * |
| axis | q6318-le | * |
| axis | q6355-le | * |
| axis | q6358-le | * |
| axis | q8615-e | * |
| axis | q8752-e | * |
| axis | q8752-e_mk_ii | * |
| axis | q9307-lv | * |
| axis | s3008 | * |
| axis | s3008_mk_ii | * |
| axis | s3016 | * |
| axis | s4000 | * |
| axis | v5925 | * |
| axis | v5938 | * |
| axis | w100 | * |
| axis | w101 | * |
| axis | w102 | * |
| axis | w110 | * |
| axis | w120 | * |
| axis | w401 | * |
| axis | xc1311 | * |
| axis | xf40-q1785 | * |
| axis | xfq1656 | * |
| axis | xpq1785 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an ACAP configuration file that does not properly validate input, which can allow a path traversal attack. This means an attacker could potentially access unauthorized files or directories. Exploiting this vulnerability could lead to privilege escalation, but only if the Axis device is set to allow installation of unsigned ACAP applications and if the attacker convinces a user to install a malicious ACAP application.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to escalate their privileges on the affected Axis device, potentially gaining unauthorized access to sensitive data or control over the device. This could compromise the security and integrity of the device and any systems it is connected to.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Axis device is not configured to allow the installation of unsigned ACAP applications. Avoid installing ACAP applications from untrusted sources to prevent potential exploitation.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70