CVE-2025-5718
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-24
Assigner: Axis Communications AB
Description
Description
The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications,Β and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axis | axis_os | From 12.0.0 (inc) to 12.6.30 (exc) |
| axis | a1210_\(-b\) | * |
| axis | a1214 | * |
| axis | a1601 | * |
| axis | a1610_\(-b\) | * |
| axis | a1710-b | * |
| axis | a1810-b | * |
| axis | a8207-ve_mk_ii | * |
| axis | c1110-e | * |
| axis | c1111-e | * |
| axis | c1210-e | * |
| axis | c1211-e | * |
| axis | c1310-e_mk_ii | * |
| axis | c1410_mk_ii | * |
| axis | c1510 | * |
| axis | c1511 | * |
| axis | c1610-ve | * |
| axis | c1710 | * |
| axis | c1720 | * |
| axis | c6110 | * |
| axis | c8110 | * |
| axis | c8210 | * |
| axis | d1110 | * |
| axis | d201-s_xpt_q6075 | * |
| axis | d2110-ve | * |
| axis | d2210-ve | * |
| axis | d3110_mk_ii | * |
| axis | d4100-ve_mk_ii | * |
| axis | d4200-ve | * |
| axis | d6310 | * |
| axis | excam_xf_q1785 | * |
| axis | excam_xpt_q6075 | * |
| axis | f9104-b_main_unit | * |
| axis | f9104-b_mk_ii_main_unit | * |
| axis | f9111-r_mk_ii_main_unit | * |
| axis | f9111_main_unit | * |
| axis | f9111_mk_ii_main_unit | * |
| axis | f9114-b-r_mk_ii_main_unit | * |
| axis | f9114-b_main_unit | * |
| axis | f9114-bt | * |
| axis | f9114_main_unit | * |
| axis | fa51 | * |
| axis | fa51-b | * |
| axis | fa54 | * |
| axis | i7010-safety | * |
| axis | i7010-ve | * |
| axis | i7020 | * |
| axis | i8016-lve | * |
| axis | i8116-e | * |
| axis | i8307-ve | * |
| axis | m1055-l | * |
| axis | m1075-l | * |
| axis | m1135 | * |
| axis | m1135-e_mk_ii | * |
| axis | m1137 | * |
| axis | m1137-e_mk_ii | * |
| axis | m2035-le | * |
| axis | m2036-le | * |
| axis | m3057-plr_mk_ii | * |
| axis | m3085-v | * |
| axis | m3086-v | * |
| axis | m3086-v_mic | * |
| axis | m3088-v | * |
| axis | m3125-lve | * |
| axis | m3126-lve | * |
| axis | m3128-lve | * |
| axis | m3215-lve | * |
| axis | m3216-lve | * |
| axis | m3905-r | * |
| axis | m4215-lv | * |
| axis | m4215-v | * |
| axis | m4216-lv | * |
| axis | m4216-v | * |
| axis | m4218-lv | * |
| axis | m4218-v | * |
| axis | m4225-lve | * |
| axis | m4227-lve | * |
| axis | m4228-lve | * |
| axis | m4308-ple | * |
| axis | m4317-plr | * |
| axis | m4317-plve | * |
| axis | m4318-plr | * |
| axis | m4318-plve | * |
| axis | m4327-p | * |
| axis | m4328-p | * |
| axis | m5000 | * |
| axis | m5000-g | * |
| axis | m5074 | * |
| axis | m5075 | * |
| axis | m5075-g | * |
| axis | m5526-e | * |
| axis | m7104 | * |
| axis | m7116 | * |
| axis | p1245_mk_ii | * |
| axis | p1265_mk_ii | * |
| axis | p1275_mk_ii | * |
| axis | p1385 | * |
| axis | p1385-b | * |
| axis | p1385-be | * |
| axis | p1385-e | * |
| axis | p1387 | * |
| axis | p1387-b | * |
| axis | p1387-be | * |
| axis | p1387-le | * |
| axis | p1388 | * |
| axis | p1388-b | * |
| axis | p1388-be | * |
| axis | p1388-le | * |
| axis | p1465-le | * |
| axis | p1465-le-3 | * |
| axis | p1467-le | * |
| axis | p1468-le | * |
| axis | p1468-xle | * |
| axis | p1475-le | * |
| axis | p1518-e | * |
| axis | p1518-le | * |
| axis | p3265-lv | * |
| axis | p3265-lve | * |
| axis | p3265-lve-3 | * |
| axis | p3265-v | * |
| axis | p3267-lv | * |
| axis | p3267-lve | * |
| axis | p3267-lve_mic | * |
| axis | p3268-lv | * |
| axis | p3268-lve | * |
| axis | p3268-slve | * |
| axis | p3275-lv | * |
| axis | p3275-lve | * |
| axis | p3277-lv | * |
| axis | p3277-lve | * |
| axis | p3278-lv | * |
| axis | p3278-lve | * |
| axis | p3285-lv | * |
| axis | p3285-lve | * |
| axis | p3287-lv | * |
| axis | p3287-lve | * |
| axis | p3288-lv | * |
| axis | p3288-lve | * |
| axis | p3735-ple | * |
| axis | p3737-ple | * |
| axis | p3738-ple | * |
| axis | p3747-plve | * |
| axis | p3748-plve | * |
| axis | p3818-pve | * |
| axis | p3827-pve | * |
| axis | p3905-r_mk_iii | * |
| axis | p3925-lre | * |
| axis | p3925-r | * |
| axis | p3935-lr | * |
| axis | p4705-plve | * |
| axis | p4707-plve | * |
| axis | p4708-plve | * |
| axis | p5654-e | * |
| axis | p5654-e_mk_ii | * |
| axis | p5655-e | * |
| axis | p5676-le | * |
| axis | p7304 | * |
| axis | p7316 | * |
| axis | p9117-pv | * |
| axis | q1615-le_mk_iii | * |
| axis | q1615_mk_iii | * |
| axis | q1656 | * |
| axis | q1656-b | * |
| axis | q1656-be | * |
| axis | q1656-ble | * |
| axis | q1656-dle | * |
| axis | q1656-le | * |
| axis | q1686-dle | * |
| axis | q1715 | * |
| axis | q1728 | * |
| axis | q1728-le | * |
| axis | q1798-le | * |
| axis | q1800-le | * |
| axis | q1800-le-3 | * |
| axis | q1805-le | * |
| axis | q1806-le | * |
| axis | q1808-le | * |
| axis | q1809-le | * |
| axis | q1961-te | * |
| axis | q1961-xte | * |
| axis | q1971-e | * |
| axis | q1972-e | * |
| axis | q2101-te | * |
| axis | q2111-e | * |
| axis | q2112-e | * |
| axis | q3536-lve | * |
| axis | q3538-lve | * |
| axis | q3538-slve | * |
| axis | q3546-lve | * |
| axis | q3548-lve | * |
| axis | q3556-lve | * |
| axis | q3558-lve | * |
| axis | q3626-ve | * |
| axis | q3628-ve | * |
| axis | q3819-pve | * |
| axis | q3839-pve | * |
| axis | q3839-spve | * |
| axis | q4809-pve | * |
| axis | q6020-e | * |
| axis | q6074 | * |
| axis | q6074-e | * |
| axis | q6075 | * |
| axis | q6075-e | * |
| axis | q6075-s | * |
| axis | q6075-se | * |
| axis | q6078-e | * |
| axis | q6135-le | * |
| axis | q6225-le | * |
| axis | q6300-e | * |
| axis | q6315-le | * |
| axis | q6318-le | * |
| axis | q6355-le | * |
| axis | q6358-le | * |
| axis | q8615-e | * |
| axis | q8752-e | * |
| axis | q8752-e_mk_ii | * |
| axis | q9307-lv | * |
| axis | s3008 | * |
| axis | s3008_mk_ii | * |
| axis | s3016 | * |
| axis | s4000 | * |
| axis | v5925 | * |
| axis | v5938 | * |
| axis | w100 | * |
| axis | w101 | * |
| axis | w102 | * |
| axis | w110 | * |
| axis | w120 | * |
| axis | w401 | * |
| axis | xc1311 | * |
| axis | xf40-q1785 | * |
| axis | xfq1656 | * |
| axis | xpq1785 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the ACAP Application framework allows privilege escalation through a symlink attack. It can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications and if an attacker convinces a user to install a malicious ACAP application.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to privilege escalation, potentially allowing an attacker to gain higher-level access on the Axis device. This can result in full control over the device, compromising confidentiality, integrity, and availability of the system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Axis device is not configured to allow the installation of unsigned ACAP applications. Avoid installing ACAP applications from untrusted sources to prevent the risk of privilege escalation through malicious applications.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70