CVE-2025-5454
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-24
Assigner: Axis Communications AB
Description
Description
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install aΒ malicious ACAP application.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axis | axis_os | From 12.0.0 (inc) to 12.6.18 (exc) |
| axis | a1210_\(-b\) | * |
| axis | a1214 | * |
| axis | a1601 | * |
| axis | a1610_\(-b\) | * |
| axis | a1710-b | * |
| axis | a1810-b | * |
| axis | a8207-ve_mk_ii | * |
| axis | c1110-e | * |
| axis | c1111-e | * |
| axis | c1210-e | * |
| axis | c1211-e | * |
| axis | c1310-e_mk_ii | * |
| axis | c1410_mk_ii | * |
| axis | c1510 | * |
| axis | c1511 | * |
| axis | c1610-ve | * |
| axis | c1710 | * |
| axis | c1720 | * |
| axis | c6110 | * |
| axis | c8110 | * |
| axis | c8210 | * |
| axis | d1110 | * |
| axis | d201-s_xpt_q6075 | * |
| axis | d2110-ve | * |
| axis | d2210-ve | * |
| axis | d3110_mk_ii | * |
| axis | d4100-ve_mk_ii | * |
| axis | d4200-ve | * |
| axis | d6310 | * |
| axis | excam_xf_q1785 | * |
| axis | excam_xpt_q6075 | * |
| axis | f9104-b_main_unit | * |
| axis | f9104-b_mk_ii_main_unit | * |
| axis | f9111-r_mk_ii_main_unit | * |
| axis | f9111_main_unit | * |
| axis | f9111_mk_ii_main_unit | * |
| axis | f9114-b-r_mk_ii_main_unit | * |
| axis | f9114-b_main_unit | * |
| axis | f9114-bt | * |
| axis | f9114_main_unit | * |
| axis | fa51 | * |
| axis | fa51-b | * |
| axis | fa54 | * |
| axis | i7010-safety | * |
| axis | i7010-ve | * |
| axis | i7020 | * |
| axis | i8016-lve | * |
| axis | i8116-e | * |
| axis | i8307-ve | * |
| axis | m1055-l | * |
| axis | m1075-l | * |
| axis | m1135 | * |
| axis | m1135-e_mk_ii | * |
| axis | m1137 | * |
| axis | m1137-e_mk_ii | * |
| axis | m2035-le | * |
| axis | m2036-le | * |
| axis | m3057-plr_mk_ii | * |
| axis | m3085-v | * |
| axis | m3086-v | * |
| axis | m3086-v_mic | * |
| axis | m3088-v | * |
| axis | m3125-lve | * |
| axis | m3126-lve | * |
| axis | m3128-lve | * |
| axis | m3215-lve | * |
| axis | m3216-lve | * |
| axis | m3905-r | * |
| axis | m4215-lv | * |
| axis | m4215-v | * |
| axis | m4216-lv | * |
| axis | m4216-v | * |
| axis | m4218-lv | * |
| axis | m4218-v | * |
| axis | m4225-lve | * |
| axis | m4227-lve | * |
| axis | m4228-lve | * |
| axis | m4308-ple | * |
| axis | m4317-plr | * |
| axis | m4317-plve | * |
| axis | m4318-plr | * |
| axis | m4318-plve | * |
| axis | m4327-p | * |
| axis | m4328-p | * |
| axis | m5000 | * |
| axis | m5000-g | * |
| axis | m5074 | * |
| axis | m5075 | * |
| axis | m5075-g | * |
| axis | m5526-e | * |
| axis | m7104 | * |
| axis | m7116 | * |
| axis | p1245_mk_ii | * |
| axis | p1265_mk_ii | * |
| axis | p1275_mk_ii | * |
| axis | p1385 | * |
| axis | p1385-b | * |
| axis | p1385-be | * |
| axis | p1385-e | * |
| axis | p1387 | * |
| axis | p1387-b | * |
| axis | p1387-be | * |
| axis | p1387-le | * |
| axis | p1388 | * |
| axis | p1388-b | * |
| axis | p1388-be | * |
| axis | p1388-le | * |
| axis | p1465-le | * |
| axis | p1465-le-3 | * |
| axis | p1467-le | * |
| axis | p1468-le | * |
| axis | p1468-xle | * |
| axis | p1475-le | * |
| axis | p1518-e | * |
| axis | p1518-le | * |
| axis | p3265-lv | * |
| axis | p3265-lve | * |
| axis | p3265-lve-3 | * |
| axis | p3265-v | * |
| axis | p3267-lv | * |
| axis | p3267-lve | * |
| axis | p3267-lve_mic | * |
| axis | p3268-lv | * |
| axis | p3268-lve | * |
| axis | p3268-slve | * |
| axis | p3275-lv | * |
| axis | p3275-lve | * |
| axis | p3277-lv | * |
| axis | p3277-lve | * |
| axis | p3278-lv | * |
| axis | p3278-lve | * |
| axis | p3285-lv | * |
| axis | p3285-lve | * |
| axis | p3287-lv | * |
| axis | p3287-lve | * |
| axis | p3288-lv | * |
| axis | p3288-lve | * |
| axis | p3735-ple | * |
| axis | p3737-ple | * |
| axis | p3738-ple | * |
| axis | p3747-plve | * |
| axis | p3748-plve | * |
| axis | p3818-pve | * |
| axis | p3827-pve | * |
| axis | p3905-r_mk_iii | * |
| axis | p3925-lre | * |
| axis | p3925-r | * |
| axis | p3935-lr | * |
| axis | p4705-plve | * |
| axis | p4707-plve | * |
| axis | p4708-plve | * |
| axis | p5654-e | * |
| axis | p5654-e_mk_ii | * |
| axis | p5655-e | * |
| axis | p5676-le | * |
| axis | p7304 | * |
| axis | p7316 | * |
| axis | p9117-pv | * |
| axis | q1615-le_mk_iii | * |
| axis | q1615_mk_iii | * |
| axis | q1656 | * |
| axis | q1656-b | * |
| axis | q1656-be | * |
| axis | q1656-ble | * |
| axis | q1656-dle | * |
| axis | q1656-le | * |
| axis | q1686-dle | * |
| axis | q1715 | * |
| axis | q1728 | * |
| axis | q1728-le | * |
| axis | q1798-le | * |
| axis | q1800-le | * |
| axis | q1800-le-3 | * |
| axis | q1805-le | * |
| axis | q1806-le | * |
| axis | q1808-le | * |
| axis | q1809-le | * |
| axis | q1961-te | * |
| axis | q1961-xte | * |
| axis | q1971-e | * |
| axis | q1972-e | * |
| axis | q2101-te | * |
| axis | q2111-e | * |
| axis | q2112-e | * |
| axis | q3536-lve | * |
| axis | q3538-lve | * |
| axis | q3538-slve | * |
| axis | q3546-lve | * |
| axis | q3548-lve | * |
| axis | q3556-lve | * |
| axis | q3558-lve | * |
| axis | q3626-ve | * |
| axis | q3628-ve | * |
| axis | q3819-pve | * |
| axis | q3839-pve | * |
| axis | q3839-spve | * |
| axis | q4809-pve | * |
| axis | q6020-e | * |
| axis | q6074 | * |
| axis | q6074-e | * |
| axis | q6075 | * |
| axis | q6075-e | * |
| axis | q6075-s | * |
| axis | q6075-se | * |
| axis | q6078-e | * |
| axis | q6135-le | * |
| axis | q6225-le | * |
| axis | q6300-e | * |
| axis | q6315-le | * |
| axis | q6318-le | * |
| axis | q6355-le | * |
| axis | q6358-le | * |
| axis | q8615-e | * |
| axis | q8752-e | * |
| axis | q8752-e_mk_ii | * |
| axis | q9307-lv | * |
| axis | s3008 | * |
| axis | s3008_mk_ii | * |
| axis | s3016 | * |
| axis | s4000 | * |
| axis | v5925 | * |
| axis | v5938 | * |
| axis | w100 | * |
| axis | w101 | * |
| axis | w102 | * |
| axis | w110 | * |
| axis | w120 | * |
| axis | w401 | * |
| axis | xc1311 | * |
| axis | xf40-q1785 | * |
| axis | xfq1656 | * |
| axis | xpq1785 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
