CVE-2025-6779

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-11-11

Last updated on: 2025-11-24

Assigner: Axis Communications AB

Description

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-11-11

Last Modified

2025-11-24

Generated

2026-06-16

AI Q&A

2025-11-11

EPSS Evaluated

2026-06-15

NVD

CVE-2025-6779

Affected Vendors & Products

Vendor	Product	Version / Range
axis	axis_os	From 12.0.0 (inc) to 12.6.40 (exc)
axis	a1210_\(-b\)	*
axis	a1214	*
axis	a1601	*
axis	a1610_\(-b\)	*
axis	a1710-b	*
axis	a1810-b	*
axis	a8207-ve_mk_ii	*
axis	c1110-e	*
axis	c1111-e	*
axis	c1210-e	*
axis	c1211-e	*
axis	c1310-e_mk_ii	*
axis	c1410_mk_ii	*
axis	c1510	*
axis	c1511	*
axis	c1610-ve	*
axis	c1710	*
axis	c1720	*
axis	c6110	*
axis	c8110	*
axis	c8210	*
axis	d1110	*
axis	d201-s_xpt_q6075	*
axis	d2110-ve	*
axis	d2210-ve	*
axis	d3110_mk_ii	*
axis	d4100-ve_mk_ii	*
axis	d4200-ve	*
axis	d6310	*
axis	excam_xf_q1785	*
axis	excam_xpt_q6075	*
axis	f9104-b_main_unit	*
axis	f9104-b_mk_ii_main_unit	*
axis	f9111-r_mk_ii_main_unit	*
axis	f9111_main_unit	*
axis	f9111_mk_ii_main_unit	*
axis	f9114-b-r_mk_ii_main_unit	*
axis	f9114-b_main_unit	*
axis	f9114-bt	*
axis	f9114_main_unit	*
axis	fa51	*
axis	fa51-b	*
axis	fa54	*
axis	i7010-safety	*
axis	i7010-ve	*
axis	i7020	*
axis	i8016-lve	*
axis	i8116-e	*
axis	i8307-ve	*
axis	m1055-l	*
axis	m1075-l	*
axis	m1135	*
axis	m1135-e_mk_ii	*
axis	m1137	*
axis	m1137-e_mk_ii	*
axis	m2035-le	*
axis	m2036-le	*
axis	m3057-plr_mk_ii	*
axis	m3085-v	*
axis	m3086-v	*
axis	m3086-v_mic	*
axis	m3088-v	*
axis	m3125-lve	*
axis	m3126-lve	*
axis	m3128-lve	*
axis	m3215-lve	*
axis	m3216-lve	*
axis	m3905-r	*
axis	m4215-lv	*
axis	m4215-v	*
axis	m4216-lv	*
axis	m4216-v	*
axis	m4218-lv	*
axis	m4218-v	*
axis	m4225-lve	*
axis	m4227-lve	*
axis	m4228-lve	*
axis	m4308-ple	*
axis	m4317-plr	*
axis	m4317-plve	*
axis	m4318-plr	*
axis	m4318-plve	*
axis	m4327-p	*
axis	m4328-p	*
axis	m5000	*
axis	m5000-g	*
axis	m5074	*
axis	m5075	*
axis	m5075-g	*
axis	m5526-e	*
axis	m7104	*
axis	m7116	*
axis	p1245_mk_ii	*
axis	p1265_mk_ii	*
axis	p1275_mk_ii	*
axis	p1385	*
axis	p1385-b	*
axis	p1385-be	*
axis	p1385-e	*
axis	p1387	*
axis	p1387-b	*
axis	p1387-be	*
axis	p1387-le	*
axis	p1388	*
axis	p1388-b	*
axis	p1388-be	*
axis	p1388-le	*
axis	p1465-le	*
axis	p1465-le-3	*
axis	p1467-le	*
axis	p1468-le	*
axis	p1468-xle	*
axis	p1475-le	*
axis	p1518-e	*
axis	p1518-le	*
axis	p3265-lv	*
axis	p3265-lve	*
axis	p3265-lve-3	*
axis	p3265-v	*
axis	p3267-lv	*
axis	p3267-lve	*
axis	p3267-lve_mic	*
axis	p3268-lv	*
axis	p3268-lve	*
axis	p3268-slve	*
axis	p3275-lv	*
axis	p3275-lve	*
axis	p3277-lv	*
axis	p3277-lve	*
axis	p3278-lv	*
axis	p3278-lve	*
axis	p3285-lv	*
axis	p3285-lve	*
axis	p3287-lv	*
axis	p3287-lve	*
axis	p3288-lv	*
axis	p3288-lve	*
axis	p3735-ple	*
axis	p3737-ple	*
axis	p3738-ple	*
axis	p3747-plve	*
axis	p3748-plve	*
axis	p3818-pve	*
axis	p3827-pve	*
axis	p3905-r_mk_iii	*
axis	p3925-lre	*
axis	p3925-r	*
axis	p3935-lr	*
axis	p4705-plve	*
axis	p4707-plve	*
axis	p4708-plve	*
axis	p5654-e	*
axis	p5654-e_mk_ii	*
axis	p5655-e	*
axis	p5676-le	*
axis	p7304	*
axis	p7316	*
axis	p9117-pv	*
axis	q1615-le_mk_iii	*
axis	q1615_mk_iii	*
axis	q1656	*
axis	q1656-b	*
axis	q1656-be	*
axis	q1656-ble	*
axis	q1656-dle	*
axis	q1656-le	*
axis	q1686-dle	*
axis	q1715	*
axis	q1728	*
axis	q1728-le	*
axis	q1798-le	*
axis	q1800-le	*
axis	q1800-le-3	*
axis	q1805-le	*
axis	q1806-le	*
axis	q1808-le	*
axis	q1809-le	*
axis	q1961-te	*
axis	q1961-xte	*
axis	q1971-e	*
axis	q1972-e	*
axis	q2101-te	*
axis	q2111-e	*
axis	q2112-e	*
axis	q3536-lve	*
axis	q3538-lve	*
axis	q3538-slve	*
axis	q3546-lve	*
axis	q3548-lve	*
axis	q3556-lve	*
axis	q3558-lve	*
axis	q3626-ve	*
axis	q3628-ve	*
axis	q3819-pve	*
axis	q3839-pve	*
axis	q3839-spve	*
axis	q4809-pve	*
axis	q6020-e	*
axis	q6074	*
axis	q6074-e	*
axis	q6075	*
axis	q6075-e	*
axis	q6075-s	*
axis	q6075-se	*
axis	q6078-e	*
axis	q6135-le	*
axis	q6225-le	*
axis	q6300-e	*
axis	q6315-le	*
axis	q6318-le	*
axis	q6355-le	*
axis	q6358-le	*
axis	q8615-e	*
axis	q8752-e	*
axis	q8752-e_mk_ii	*
axis	q9307-lv	*
axis	s3008	*
axis	s3008_mk_ii	*
axis	s3016	*
axis	s4000	*
axis	v5925	*
axis	v5938	*
axis	w100	*
axis	w101	*
axis	w102	*
axis	w110	*
axis	w120	*
axis	w401	*
axis	xc1311	*
axis	xf40-q1785	*
axis	xfq1656	*
axis	xpq1785	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-732	The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Attack-Flow Graph

Executive Summary

This vulnerability involves an ACAP configuration file with improper permissions that could allow command injection. It can potentially lead to privilege escalation if the Axis device is configured to allow the installation of unsigned ACAP applications and if an attacker convinces a user to install a malicious ACAP application.

Impact Analysis

The vulnerability can lead to command injection and privilege escalation on the affected Axis device, potentially allowing an attacker to gain higher privileges and execute unauthorized commands, which could compromise the device's security and functionality.

Mitigation Strategies

To mitigate this vulnerability, ensure that the Axis device is not configured to allow the installation of unsigned ACAP applications. Avoid installing any untrusted or unsigned ACAP applications to prevent exploitation.

Hi! I’m here to help you understand CVE-2025-6779. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2025-6779

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart