CVE-2025-6298
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-12
Assigner: Axis Communications AB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axis | axis_os | 12.6.27 |
| axis | axis_os | 12.6.28 |
| axis | axis_os | 12.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves ACAP applications on Axis devices gaining elevated privileges due to improper input validation. It can lead to privilege escalation if the device is configured to allow installation of unsigned ACAP applications and an attacker convinces a user to install a malicious ACAP application.
How can this vulnerability impact me?
The vulnerability can lead to privilege escalation, allowing an attacker to gain higher-level access on the Axis device. This can result in unauthorized control, data compromise, or disruption of device functionality.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Axis device is not configured to allow the installation of unsigned ACAP applications. Avoid installing ACAP applications from untrusted sources to prevent privilege escalation.